Forum

I run Wordpress and antoher CMS on Hiawatha, it works like a charm.

But it would be great to get some brute force protection for the login.php files / pages.
I know there is a banonflooding option, but I want to limit a page or file to say 5 requests per minute and not for the rest of the site.

Is that possible with Hiawatha?

Something like this:
http://www.frameloss.org/2011/07/29/stopping-brute-force-logins-against-wordpress/

Hiawatha version: 9.2
Operating System: FreeBSD 9.6 64 Bit

No, that sort of application specific things are not supported. That's Wordpress's job.

Yes, in essence.

But one could also say that about PreventXSS, PreventSQLi and PreventCSRF.

In my example it is about the admin login page. But I can imagine it would be handy for other directories or pages also.
BanOnFlooding is for the complete site. It would be nice if that could be extended to files, directories or url's.

Like a index.php of a generic site / webapp needs to be limited to 5 req/s, but the static files do not need such a low value and can be limited to 25 req/s when under attack.