Soft lock for Basic Auth

Maxim Dounin mdounin at
Fri Aug 31 17:36:09 UTC 2012


On Tue, Aug 28, 2012 at 08:13:28PM +0530, Quintin Par wrote:

> Hi all,
> Is it possible to apply a soft lock timeout on invalid password attempts
> for
>             auth_basic "Login";
>             auth_basic_user_file /etc/.htpasswd;

As far as I understand the question, something like this should 

    error_page 401 /401.html;

    location = /401.html {
        delay 1s;

Where the "delay" directive is added by a trivial module from [1]. 
(It may be equally done e.g. with embedded perl, or with 
limit_req, but it's usually a good idea to keep things simple.)


Maxim Dounin

More information about the nginx mailing list