Limit retries for secured directory with .htaccess file

bathory · 02-01-2017, 07:53 AM

Quote:

Originally Posted by gemmajid

I have followed the modsecurity example mentioned by you earlier, i have entered codes in vhost file as well but no success yet.

Could you be more specific? Give some logs or post your configuration

sundialsvcs · 02-01-2017, 10:13 AM

If you truly need to wall-off Apache – or any other application – then I suggest that AppArmor technology is a very good thing to use.

It employs many of the same operating-system hooks as SELinux (Security-Enhanced Linux), but IMHO it is considerably easier to understand and therefore to use.

Habitual · 02-01-2017, 11:20 AM

htpasswd is "basic authorization".
See http://serverfault.com/questions/350...credent#350197
suggests PAM module.

If the directory is using "basic authorization" why should those known to the system need limiting?

gemmajid · 02-06-2017, 12:24 AM

below mentioned is my configuration file.

Quote:

# domain: Test Domain
# public: /var/www/Test Domain/public_html/

<VirtualHost *:80>
# Admin email, Server Name (domain name), and any aliases
ServerAdmin webmaster@testdomain
ServerName www.test domain.com
ServerAlias testdomain.com

# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /var/www/test domain/public_html
# Log file locations
LogLevel warn
ErrorLog /var/www/testdomain/log/error.log
CustomLog /var/www/testdomain/log/access.log combined

<LocationMatch /sessions>
# Uncomment to troubleshoot
#SecDebugLogLevel 9
#SecDebugLog /tmp/troubleshooting.log

# Enforce an existing IP address block
SecRule IP:bf_block "@eq 1" \
"phase:2,deny,\
msg:'IP address blocked because of suspected brute-force attack'"

# Check that this is a POST
SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,nolog,pass"
# AND Check for authentication failure and increment counters
# NOTE this is for a Rails application, you probably need to customize this
SecRule RESPONSE_STATUS "^200" \
"setvar:IP.bf_counter=+1"

# Check for too many failures from a single IP address. Block for 10 minutes.
SecRule IP:bf_counter "@ge 3" \
"phase:5,pass,t:none, \
setvar:IP.bf_block,\
setvar:!IP.bf_counter,\
expirevar:IP.bf_block=600"
</LocationMatch>
</VirtualHost>

bathory · 02-06-2017, 02:42 AM

Quote:

below mentioned is my configuration file.

What you've done is a copy/paste of the example I gave you and you expect it to work in your case! Did you bother reading at least the comments?

This example is written for Rails and works after 3 failed POSTs. What have you done to test it?

Also did you look at the apache logs?
I guess you need to at least change the 200 Response to 401 and most likely the POST to GET