Htpasswd – Any tip to block brute force attacks

.htaccess, apache-2.2, brute-force-attacks, htpasswd

Update: As Craig suggested I'm trying fail2ban now. Even though I have issues in that as well.

failregex is not finding any result, though. I have enabled all apache* jails in jail.local, and here is how my Apache error log reports the failures:

    [Fri Jul 25 11:31:20.758218 2014] [auth_basic:error] [pid 4959] [client 8.8.8.8:12767] AH01617: user GOLD: authentication failure for "/Folder": Password Mismatch

    [Fri Jul 25 11:31:22.941978 2014] [auth_basic:error] [pid 4959] [client 8.8.8.8:12767] AH01618: user asd not found: /Folder

And here is how failregex in apache-auth.conf is configured:

    failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$

I also tried adding this as well, but it still does not work:

    failregex = [[]client <HOST>[]] (Digest: )?user .* (authentication failure|not found|password mismatch)

http://example.com/FOLDER/ is password protected through htaccess and htpasswd. But I think it can be brute forced as there is no failed-attempt limit. Any tips to secure that? Mod security doesn't help in my situation as there is no login page or redirection page (I don't know how to use mod security in this case by pulling the error message from logs). Any other suggestions to block an IP after n failed attempts?

Thanks!

Best Answer

If you have control over the OS of the server, you can use fail2ban to block brute-force attempts after a certain number of tries via iptables. You can additionally optionally enable notifications when an IP is blocked.

Check this ServerFault question for more information; the Fail2ban site appears to be down at the moment.