On 31/08/2015 20:28, George Sexton wrote:
>
>
> On 8/31/2015 8:54 AM, Christopher Schultz wrote:
>> You also tell them how long they have to wait before they can resume
>> their brute-force attack without wasting their own time.
>>> Much better to let a brute force attacker pound away at a locked
>>> account wasting their resources and probably tripping additional
>>> security measures (like an IP block) for the excessive failures
>>> than it is to tell them what they need to do to keep the
>>> authentication system happy.
>>
>
> I've started using Fail2Ban because of brute force attacks against
> Postfix-SASL. It would be nice if the LockoutRealm also reported the IP
> address so I could use it to cover Tomcat as well. In its
> implementation, LockoutRealm gives the user n tries per account (at
> least that's my understanding).
The client IP isn't available to the Realm. It would need an API change.

I typically use the access log to trigger fail2ban with Tomcat since both
the client IP and the 403 response code are present.

Mark
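As an added illustration of the access-log approach Mark describes (not code from the thread, Tomcat or fail2ban): a small Python script that parses lines in the AccessLogValve "common" pattern and applies a fail2ban-style maxretry/findtime window to the 403 responses per client IP. The sample log lines are constructed, and the `FAILREGEX` constant is my own sketch of the equivalent fail2ban filter rather than one fail2ban ships.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "[^"]*" (?P<status>\d{3}) \S+$')
# Equivalent fail2ban failregex, constructed here (not a shipped fail2ban filter):
FAILREGEX = r'^<HOST> \S+ \S+ \[.*\] ".*" 403 '

# Constructed sample log (RFC 5737 addresses), in the order Tomcat appended it.
SAMPLE_LOG = """\
192.0.2.10 - - [31/Aug/2015:20:28:01 +0200] "GET /manager/html HTTP/1.1" 403 -
192.0.2.10 - - [31/Aug/2015:20:28:03 +0200] "GET /manager/html HTTP/1.1" 403 -
198.51.100.7 - admin [31/Aug/2015:20:28:10 +0200] "GET /manager/html HTTP/1.1" 200 17123
192.0.2.10 - - [31/Aug/2015:20:28:15 +0200] "GET /manager/html HTTP/1.1" 403 -
192.0.2.10 - - [31/Aug/2015:20:28:19 +0200] "GET /manager/html HTTP/1.1" 403 -
this line is not an access log record
192.0.2.10 - - [31/Aug/2015:20:29:30 +0200] "GET /manager/html HTTP/1.1" 403 -
203.0.113.5 - - [31/Aug/2015:20:40:00 +0200] "GET /manager/html HTTP/1.1" 403 -
203.0.113.5 - - [31/Aug/2015:20:52:00 +0200] "GET /manager/html HTTP/1.1" 403 -
""".splitlines()

def parse_line(line):
    """Return (client_ip, timestamp, status), or None for an unparseable line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("host"), ts, int(m.group("status"))

def offenders(lines, maxretry=5, findtime=600, statuses=(403,)):
    """fail2ban-style sliding window: report an IP once it has produced `maxretry`
    matching status codes within `findtime` seconds (lines assumed chronological).
    Returns {ip: timestamp of the request that crossed the threshold}."""
    window = timedelta(seconds=findtime)
    recent, banned = defaultdict(deque), {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # skip malformed or truncated lines
        host, ts, status = parsed
        if status not in statuses or host in banned:
            continue
        hits = recent[host]
        hits.append(ts)
        while hits and ts - hits[0] > window:
            hits.popleft()                # expire hits older than findtime
        if len(hits) >= maxretry:
            banned[host] = ts
    return banned
```

With the defaults (five 403s within ten minutes) only 192.0.2.10 is reported; 203.0.113.5's two hits are twelve minutes apart and fall outside the window.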