    Apache::AuthChecker 1.01

    Developer: Andre Yelistratov
    License / Price: Perl Artistic License / FREE
    Last Updated: January 25th, 2008, 14:17 GMT
    Category: ROOT / Programming / Perl Modules


    Apache::AuthChecker description

    Apache::AuthChecker is a mod_perl based authentication module used to prevent brute force attacks via HTTP authorization.

    It remembers the IP address of any user who tries to authenticate, for a certain period of time. If a user exceeds the limit of failed authentication attempts, all of his authentication requests are redirected to some URI (for example, /you_are_blocked.html).

    Apache configuration process:

    1. Add the following directives to httpd.conf, below the LoadModule and AddModule directives:
    <IfDefine MODPERL2>
    PerlModule Apache2
    PerlLoadModule Apache::AuthChecker
    </IfDefine>
    <IfDefine !MODPERL2>
    PerlModule Apache::AuthChecker
    </IfDefine>
    PerlAuthCheckerMaxUsers 1450
    PerlSecondsToExpire 3600


    Note: the PerlAuthCheckerMaxUsers parameter affects the amount of shared memory allocated. Rule of thumb: every IP record takes 45 bytes, so if you set 1000 users, 45 Kbytes of shared memory will be allocated. The default setting is 64 KByte, which gives about 1450 records. The exact value depends on the PerlSecondsToExpire parameter. It does not store ALL login info, ONLY FAILED ONES BY IP. I see no need to make it big. The maximum limit depends on your OS settings.

    PerlSecondsToExpire - how long data about authentication failures is stored.

    2. Use .htaccess or or mechanisms with the following directives (default values):

    AuthName "My secret area"
    PerlAuthenHandler Apache::AuthChecker
    PerlSetVar AuthUserFile /path/to/my/.htpasswd
    PerlSetVar MaxFailedAttempts 10
    PerlSetVar RedirectURI /
    require valid-user


    Example.

    Your old .htaccess file looks like:

    AuthName "My secret area"
    AuthType Basic
    AuthUserFile /path/to/my/.htpasswd
    require valid-user


    The new one:

    AuthName "My secret area"
    #AuthType Basic
    PerlAuthenHandler Apache::AuthChecker
    PerlSetVar AuthUserFile /path/to/my/.htpasswd
    require valid-user


    Parameters:

    AuthUserFile - path to your password file created with htpasswd (REQUIRED).
    MaxFailedAttempts - maximum number of attempts a user is given to mistype the password (OPTIONAL, default - 8).
    RedirectURI - URI (not URL!) to redirect the attacker to when he runs out of attempts (OPTIONAL, default - /).
    For example: /you_are_blocked.html
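
The behaviour described above, modelled as an added Python example (not the module's own Perl code): per-IP failure counts in a table bounded like PerlAuthCheckerMaxUsers, expiring after PerlSecondsToExpire, with a redirect to RedirectURI once MaxFailedAttempts is reached. The class and method names, the expiry window counted from the first failure, eviction of the oldest record when the table is full, and not resetting the count on a successful login are assumptions; the page does not specify them.

```python
import time
from collections import OrderedDict

class FailedAuthTracker:
    """Added model; window, eviction and no reset on success are assumptions."""
    def __init__(self, max_users=1450, seconds_to_expire=3600,
                 max_failed_attempts=8, redirect_uri="/", clock=time.time):
        self.max_users = max_users
        self.ttl = seconds_to_expire
        self.max_failed = max_failed_attempts
        self.redirect_uri = redirect_uri
        self.clock = clock
        self.records = OrderedDict()   # ip -> (failures, time of first failure)

    def _purge(self, now):
        # Insertion order equals first-failure order, so expired records sit at the front.
        while self.records:
            ip, (_, first) = next(iter(self.records.items()))
            if now - first < self.ttl:
                break
            del self.records[ip]

    def is_blocked(self, ip):
        self._purge(self.clock())
        failures, _ = self.records.get(ip, (0, 0))
        return failures >= self.max_failed

    def record_failure(self, ip):
        now = self.clock()
        self._purge(now)
        if ip not in self.records and len(self.records) >= self.max_users:
            self.records.popitem(last=False)   # assumption: evict the oldest record
        failures, first = self.records.get(ip, (0, now))
        self.records[ip] = (failures + 1, first)

    def handle(self, ip, password_ok):
        # Outcome for one Basic-auth request; only failures are ever stored.
        if self.is_blocked(ip):
            return "redirect:" + self.redirect_uri   # password is not checked at all
        if password_ok:
            return "ok"
        self.record_failure(ip)
        return "401"

if __name__ == "__main__":
    t = FailedAuthTracker(max_failed_attempts=3, redirect_uri="/you_are_blocked.html")
    # Constructed request sequence from one documentation-range IP.
    for ok in (False, False, False, True):
        print(t.handle("192.0.2.10", ok))
```

Because the key is the client IP, all users behind one NAT gateway or proxy share a single counter, which is worth weighing when choosing MaxFailedAttempts.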


    Requirements:

    · Apache
    · IPC::Shareable

      

