Security – Hardening Apache authentication to block brute force attacks (e.g. delay)

Tags: apache-2.2, ddos, security

Is there a way to configure Apache to slow down login after failed attempts?

It looks like it is not the default setting as already discussed here.

On the other hand, it also seems to be possible on plain Apache without adding it to your own application logic (see here), but I found nothing in the documentation or discussion.

Best Answer

I think you could do it with a rule in the mod_security module:

SecFilterSelective VAR VALUE log,pass,pause:5000

But in the end you are better off using fail2ban or something like that to block the offending users.
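The log-based approach recommended above, sketched as an added example (not part of the original answer and not fail2ban's own code): count authentication failures per client IP in the Apache error log over a sliding window and flag clients that reach a threshold. The log lines are constructed samples in the Apache 2.2 error_log format, and the names `find_offenders`, `max_retry` and `find_time` are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the Apache 2.2 error_log format (not real traffic).
SAMPLE_LOG = """\
[Mon Mar 04 10:00:01 2013] [error] [client 192.0.2.10] user admin: authentication failure for "/private": Password Mismatch
[Mon Mar 04 10:00:02 2013] [error] [client 198.51.100.7] user alice: authentication failure for "/private": Password Mismatch
[Mon Mar 04 10:00:03 2013] [error] [client 192.0.2.10] user root not found: /private
[Mon Mar 04 10:00:04 2013] [error] [client 203.0.113.5] File does not exist: /var/www/favicon.ico
[Mon Mar 04 10:00:05 2013] [error] [client 192.0.2.10] user admin: authentication failure for "/private": Password Mismatch
[Mon Mar 04 10:20:00 2013] [error] [client 198.51.100.7] user alice: authentication failure for "/private": Password Mismatch
[Mon Mar 04 10:40:00 2013] [error] [client 198.51.100.7] user alice: authentication failure for "/private": Password Mismatch
"""

# Matches both failure messages: wrong password and unknown user.
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"user \S+?(?:: authentication failure for | not found: )"
)

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {client_ip: time of the failure that reached max_retry}."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    offenders = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # not an authentication failure
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # forget failures older than find_time
        if len(window) >= max_retry:
            offenders.setdefault(ip, ts)
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the failure threshold at {when}")
```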