Soft lock for Basic Auth

aris · August 28, 2012, 4:44pm

Hi all,

Is it possible to apply a soft lock timeout on invalid password attempts
for

        auth_basic "Login";

        auth_basic_user_file /etc/.htpasswd;

Quintin

Quintin_P · August 31, 2012, 7:36pm

Hello!

On Tue, Aug 28, 2012 at 08:13:28PM +0530, Quintin P. wrote:

Hi all,

Is it possible to apply a soft lock timeout on invalid password attempts
for
        auth_basic "Login";

        auth_basic_user_file /etc/.htpasswd;

As far as I understand the question, something like this should
work:

error_page 401 /401.html;

location = /401.html {
    delay 1s;
}

Where the “delay” directive is added by a trivial module from [1].
(It may be equally done e.g. with embedded perl, or with
limit_req, but it’s usually a good idea to keep things simple.)

[1] ngx_http_delay_module: log

Maxim D.