Apache::AuthChecker free download, Apache::AuthChecker download on software download

	Apache::AuthChecker Apache::AuthChecker is a mod_perl based authentication module used to prevent brute force attacks via HTTP authorization.
Download

Apache::AuthChecker Ranking & Summary

Rating:

License:
Perl Artistic License

Price:
FREE

Publisher Name:
Andre Yelistratov

Publisher web site:
http://search.cpan.org/~swampfox/Apache-AuthChecker-1.01/AuthChecker.pm

Apache::AuthChecker Tags

HTTP

Apache

authentication

Authentication Module

brute force attacks

HTTP authorization

Apache::AuthChecker Description

Apache::AuthChecker is a mod_perl based authentication module used to prevent brute force attacks via HTTP authorization. Apache::AuthChecker is a mod_perl based authentication module used to prevent brute force attacks via HTTP authorization.It remembers IP addresses of any user trying to authenticate for certain period of time. If user runs out limit of failed attempts to authenticate - all his authentication requests will be redirected to some URI (like this: /you_are_blocked.html).Apache configuration process:1. Add directives to httpd.conf below directives LoadModule and AddModule: < IfDefine MODPERL2 > PerlModule Apache2 PerlLoadModule Apache::AuthChecker < /IfDefine > < IfDefine !MODPERL2 > PerlModule Apache::AuthChecker < /IfDefine > PerlAuthCheckerMaxUsers 1450 PerlSecondsToExpire 3600 Note: parameter PerlAuthCheckerMaxUsers affects amount of shared memory allocated. Rule to estimate: every IP record eats 45 bytes. It means if you set 1000 users - 45Kbytes of shared memory will be allocated. Default setting is 64KByte which gives us about 1450 records. Exact value depends on PerlSecondsToExpire parameter. !!! It does not store ALL logins info, ONLY FAILED ONES BY IP. I see no need to make it big. Max limit depends on your OS settings. PerlSecondsToExpire - how long will we store data about authentication failures. 2. Use .htaccess or or mechanisms with the following directives (default values): AuthName "My secret area" PerlAuthenHandler Apache::AuthChecker PerlSetVar AuthUserFile /path/to/my/.htpasswd PerlSetVar MaxFailedAttempts 10 PerlSetVar RedirectURI / require valid-user Example. Your old .htaccess file looks like: AuthName "My secret area" AuthType Basic AuthUserFile /path/to/my/.htpasswd require valid-user The new one: AuthName "My secret area" #AuthType Basic PerlAuthenHandler Apache::AuthChecker PerlSetVar AuthUserFile /path/to/my/.htpasswd require valid-user Parameters: AuthUserFile - path to your passwords htpasswd-made file (REQUIRED). MaxFailedAttempts - Maximum attempts we give user to mistype password (OPTIONAL, default - 8). RedirectURI - URI (not URL!) to redirect attacker then he runs out attempts limit ((OPTIONAL, default - /). For example: /you_are_blocked.html Requirements: · Apache 1.3.x (2.x) with mod_perl 1.2x (2.x) enabled · IPC::Shareable perl module version 0.60 by BSUGARS. Probably it should work with other versions, but I did not test.

Apache::AuthChecker Related Software