How to prevent against htpasswd brute force?

[matty]

Hi, im running a website mainly for my own use, testing etc, however i have some parts protected by htpasswd, ive tried setting maximum requests/second to 5 on the server level, but if i hold down enter on the password prompt it pops up about 20 times per second with no blocking.

How would i go about protecting my site password protected areas from brute force/ or exploits?

Thanks

 

[brrr]

Perhaps have a look at using something like fail2ban. A guide to using it is here:

http://www.howtoforge.com/fail2ban_debian_etch

or BFD, esp if you use the APF firewall...
http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

Unless I am mistaken, I don't think there is anything internal that Litespeed can do to prevent brute force attacks against HTTP basic authentication. Although it would certainly be a good feature to have...

 

[anewday]

Use CSF, it has lfd to block it.