Is basic Apache authentication brute force protection?

Question

Is basic Apache authentication brute force protection?

Will it be closed and blocked after repeated attempts of a false password and / or will it add spaces between repetitions? Or does it depend on which modules you or your provider install? Thanks!

+4

brute-force apache basic-authentication

Philipp lessen Apr 30 '09 at 11:59

source share

1 answer

Francis · Accepted Answer · 2009-04-30T12:19:59+0000

By default, installing Apache does not do this.

this is usually best done using your web application (e.g. PHP / JSP) to attack your account.

for a network attack, it is better not for web servers, because it is difficult to identify the source due to the large number of anonymous / transparent proxies / VPN / NAT. as soon as you implement this, you usually get a lot of “why can't I connect” complains ...

Is basic Apache authentication brute force protection?

More articles: