|Subject:||htaccess login attempts|
|Posted by:||Bat 'n' Ball (batnball543633…@gmail.com)|
|Date:||Sun, 13 Mar 2011|
I have password protected one of my pages using htaccess.
I noticed that in Internet Explorer (various versions), you get 3
chances at logging in before you get redirected to the 401 page. You
then have to refresh the page before you can try again.
In Firefox (3.6.15), I note that login attempts seems to be limitless
and you only see the 401 page if you cancel.
Although the page I am protecting isn't particularly high sensitivity,
from a security point of view, I think unlimited login attempts isn't
very good and could unnecessarily add multiple lines to the error log.
Is there a way to limit login attempts, preferably by a time limit?
Apache/2.2.17 (Win32) PHP/5.3.4