Support

matty · #1 11-03-2007, 10:04 PM

Hi, im running a website mainly for my own use, testing etc, however i have some parts protected by htpasswd, ive tried setting maximum requests/second to 5 on the server level, but if i hold down enter on the password prompt it pops up about 20 times per second with no blocking.

How would i go about protecting my site password protected areas from brute force/ or exploits?

Thanks

brrr · #2 11-04-2007, 03:51 AM

Perhaps have a look at using something like fail2ban. A guide to using it is here:

http://www.howtoforge.com/fail2ban_debian_etch

or BFD, esp if you use the APF firewall...
http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

Unless I am mistaken, I don't think there is anything internal that Litespeed can do to prevent brute force attacks against HTTP basic authentication. Although it would certainly be a good feature to have...

anewday · #3 04-17-2008, 06:40 PM

Use CSF, it has lfd to block it.