Feature #3113
closedFeature of brute force attack
Description
Hello,
We use lighttpd 1.4.55 version to try to customize our brute force attack protection, base on the information from this issue - "https://redmine.lighttpd.net/boards/3/topics/8885?r=8951#message-8951", after we add the mode=authorizer in configure file, our backend server still can not receive username/password(we want to receive include bad username/password), could you give us advice about this setting? (please check our configure setting in attached file)
We use digest function(in mode_auth) to let lighttpd server import our "auth.backend.plain.userfile", which is okay in our test(successfully login if user input username/password that has been set in userfile). After add "mode" => "authorizer", we expect that our backend server will receive username/password information. We've tried getenv("QUERY_STRING"), but received null string.
Here are our questions,
1. Is there has config setting that restrict login failed number.
2. Is there has config setting that restrict the block time.
3. If we want our backend server receive data(username/password) whether authenticate ok or not, how should we set in lighttpd.conf.
4. If we want to change our auth type from digest to basic, is there any different setting that we should notice?
Files
Updated by gstrauss over 3 years ago
- Status changed from New to Invalid
- Priority changed from Normal to Low
- Target version deleted (
1.4.xx)
This is the lighttpd issue tracker for issues in lighttpd.
User questions should not be posted here.
See wiki doc and start by using the "Search" box in the Forums to see if this topic has already been discussed.
Updated by gstrauss over 3 years ago
Please read mod_auth HTTP Auth methods docs before asking further questions in the forums.
Also available in: Atom