Forum

Hi Hugo,

how can i limit the number of login attempts with basic authentication?
I want to lock the IP after a number of failed attempts.

P.S.
The code example in the last question of FAQ has an error.
There is a typo. Should be TimeForRequest not WaitForRequest.

Wrong code

Binding {
    ...
    MaxRequstSize = 128
    MaxKeepAlive = 50
    WaitForRequest = 3, 20
}

ConnectionsPerIP = 10
ReconnectDelay = 5
BanOnMaxPerIP = 15
BanOnFlooding = 10/1:15

Right code

Binding {
    ...
    MaxRequstSize = 128
    MaxKeepAlive = 50
    TimeForRequest = 3, 20
}

ConnectionsPerIP = 10
ReconnectDelay = 5
BanOnMaxPerIP = 15
BanOnFlooding = 10/1:15

I think that also the httpd.conf example file coming with hiawatha has the same typo.

Thanks for informing me about the type. It has been fixed (the httpd.conf is fine btw).

About limiting the numer of login attempts. Currently, it cannot be done. But I will see if I can make it possible. I'll let you know via this topic within a few days. (please, tell me if I forget to do so )

Ok, thanks

I've just implemented the ban-on-wrong-password feature you've requested. It all looks oke, but I'm gonna test it a little more. The next version with this new feature will probably be released soon.

If you send an e-mail to hugo at leisink dot net, then I'll send you a beta-verion of the next release. So you can verify that this is what you want.

Have you already sent mail???
I haven't received anything yet.

My mail address is net dot master at libero dot it.