Vivek,

Is it possible that a special auth handler could be written that stores the number
of bad authorizations for a userid and the last time of the hit in a DBM file for
quick lookup? Then, configure an environment or server variable if the auth screwed
up more than 3 times within the last hour (or some other prespecified time)?

Although HTTP is stateless, the username would at least tend to remain constant in
most cases of hacking or user problems I would think.

Vivek Khera wrote:

> >>>>> "GJ" == Gram, Jim <[EMAIL PROTECTED]> writes:
>
> GJ>      This is more an Apache question, but here goes.  Is there any way to
> GJ> modify the "Authorization Required" page received after three failed
> GJ> attempts to log in using Basic Authentication (or insert a custom page) ?
> GJ> Also, can the number of attempts before failure be modified?  Thanks in
> GJ> advance???
>
> The HTTP protocol is stateless, so you have no way to count such
> attempts.  You need to introduce state using cookies and possibly a
> database on your end.
>
> But this has nothing to do with mod_perl, as you said up front.
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Vivek Khera, Ph.D.                Khera Communications, Inc.
> Internet: [EMAIL PROTECTED]       Rockville, MD       +1-301-545-6996
> PGP & MIME spoken here            http://www.kciLink.com/home/khera/
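
Added example, not part of the original thread: a sketch of the DBM-backed failure counter proposed at the top of this message, storing a count and the time of the last bad authorization per userid. The sub names, the file path, the user `jdoe` and the timestamps are assumptions constructed for illustration; because only the count and last-hit time are kept, the one-hour window restarts only after a full quiet hour.

```perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use SDBM_File;
use File::Temp qw(tempdir);

my $MAX_FAILURES = 3;      # flag on "more than 3" bad authorizations
my $WINDOW       = 3600;   # "within the last hour", in seconds

# Run $code with the DBM file tied, holding an exclusive lock, because
# several Apache child processes may update the file at the same time.
sub with_db {
    my ($path, $code) = @_;
    open(my $lock, '>>', "$path.lock") or die "open $path.lock: $!";
    flock($lock, LOCK_EX) or die "flock: $!";
    tie(my %db, 'SDBM_File', $path, O_RDWR | O_CREAT, 0600)
        or die "tie $path: $!";
    my $result = $code->(\%db);
    untie %db;
    close $lock;           # closing the handle releases the lock
    return $result;
}

# Record one bad authorization for $user at time $now (epoch seconds).
# Returns the number of failures counted in the current window.
sub record_failure {
    my ($path, $user, $now) = @_;
    return with_db($path, sub {
        my $db = shift;
        my ($count, $last) = split /:/, ($db->{$user} // '0:0');
        $count = 0 if $now - $last > $WINDOW;   # stale record: start over
        $db->{$user} = join ':', ++$count, $now;
        return $count;
    });
}

# True when $user is over the limit and the last hit is still recent.
sub too_many_failures {
    my ($path, $user, $now) = @_;
    return with_db($path, sub {
        my ($count, $last) = split /:/, ($_[0]{$user} // '0:0');
        return ($count > $MAX_FAILURES && $now - $last <= $WINDOW) ? 1 : 0;
    });
}

# Constructed demo: four bad attempts, one minute apart, for a made-up user.
my $path = tempdir(CLEANUP => 1) . '/authfail';
record_failure($path, 'jdoe', 1000 + 60 * $_) for 0 .. 3;
printf "%s\n", too_many_failures($path, 'jdoe', 1300) ? 'flag' : 'ok';
printf "%s\n", too_many_failures($path, 'jdoe', 1300 + 7200) ? 'flag' : 'ok';
```

An authentication handler would call `record_failure` on each rejected password and use `too_many_failures` to decide whether to set the variable the message describes. Keying the counter on the username alone means anyone who knows a userid can trip the flag for that account, so the flag is safer as an input to logging or throttling than as an automatic lockout.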
