Web directory protection like denyhosts

[timgerr]

Hey all,
There is a great program called deny hosts, I was wondering if there was a program like that that does that same with wep directory authentication. I have a password protected directory that I want to lock people out via hosts.deny if they have more that X amount of failed logins.

Is there anything like this?

Thanks,
timgerr

-How important does a person have to be before they are considered assassinated instead of just murdered?
-Need more cow bell!!!

 

[macd68]

I'm assuming apache here...
Since apache doesn't offer any sort of internal functionality for this in their authentication stack and this stack isn't integrated with the PAM stack then you would have to cook up some logscraping utility afaik with some logic to take care of the 'repetitive login atrocities' in a fullproof way.

There are examples of perl scripts and other code that uses this method all over the place. Good luck.

 

[Annihilannic]

Have you tried using the "Allow from" and "Deny from" options under an appropriate <Directory> section in httpd.conf?

Annihilannic.