I am looking for a way to protect Basic authentication (401) from brute
ModSecurity is installed on a reverse proxy, this reverse proxy simply
forward requests to "backends servers", the .htpasswd/.htaccess is stored
on these servers.
But, all the requests are going through the load balancer, this means that
it can detect 401 errors...
I tried to use the provided sample for Wordpress brute force protection
without any success i was not even able to generate a modsecurity warning
in the logs.
Currently mod_security is installed for several sites and is working
perfectly based on scoring method, it would be very interesting to
implement that :)
Thanks in advance for your help.