Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
Hi... I've installed my apache server with apt-get install... But now I want to make .htaccess work because I need to password protect a directory... Can anyone guide me through it? I know it's not quite like getting it to work on other distros.. and I haven't been able to find a good guide.... So I'm hoping someone has been doing this before!
Oh.. sorry... a couple of hours after posting in here.. I got it working.. but I just have a small issue... What security precautions should I take to completely secure the directory... Because, when prompted to login, if a hacker knew my username.. what's going to stop him from just bruteforcing his way into the directory?
Originally posted by Mondus: what's going to stop him from just bruteforcing his way into the directory?
a strong password?
ok, .htaccess is not the strongest way to protect a directory. if someone knows your user, it is still necessary to "guess" your pass.
if you really need something safe, you should get your hands dirty with php.
regards,
slackie1000
Originally posted by Mondus: but what's to stop them from doing it by means of bruteforcing?
short answer: nothing.
it is like ssh. you can not stop it. but there are ways to prevent or make it difficult.
about .htaccess i must again point you to the excellent apache documentation. to give you some ideas, what is possible with .htaccess for example is blocking ips, domains and such things. but you can not prevent a brute force attack. like i wrote before if you have really important content to protect .htaccess is not the solution.
regards,
slackie1000
Ok.. so there are ways to make it difficult... Which ways? Can I for example define a waiting period before a retry login?
Ok, so now we've established that .htaccess is not the best idea... But then what is? What's a good alternative?
hi there,
nope. afaik it is not possible to define time periods with .htaccess.
like i already wrote you can use a php authentication, where you can define time periods along with other security things.. this can be useful for you.
regards,
slackie1000
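Added example, not part of the original thread: since the replies note that .htaccess cannot slow down guessing but can block IPs, this sketch finds the clients worth blocking by counting 401 responses per address in a sliding window over an Apache access log. It assumes the common/combined log format; the `/private/` path, addresses, username and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined format: host ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_bruteforce(lines, prefix, max_failures=5, window=timedelta(minutes=1)):
    """Return {ip: peak count of 401s within one window} for clients above max_failures."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent 401 responses
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "401" or not m["path"].startswith(prefix):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) > max_failures:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def _line(ip, user, hhmmss, status):
    # Helper that builds one constructed log line for the sample below.
    return (f'{ip} - {user} [10/Oct/2023:{hhmmss} +0000] '
            f'"GET /private/ HTTP/1.1" {status} 381')

# Constructed sample: one client guessing fast, one normal login
# (initial 401 challenge, then 200), one client with a few slow failures.
SAMPLE_LOG = (
    [_line("203.0.113.7", "alice", f"13:55:{s:02d}", 401) for s in range(0, 16, 2)]
    + [_line("198.51.100.20", "-", "13:56:01", 401),
       _line("198.51.100.20", "alice", "13:56:05", 200)]
    + [_line("192.0.2.9", "alice", f"14:{m:02d}:00", 401) for m in (0, 5, 10)]
)

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG, "/private/"))
```

The single 401 that a browser receives before it prompts for credentials is normal, which is why the threshold sits above one.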