Michael Ströder <[email protected]> wrote: > To deal with brute-force attempts you have to establish central > logging with appropriate log watchers which alarm you in case > of a brute-force attack.
What about this line of defense? overlay rwm rwm-rewriteEngine on rwm-rewriteContext searchFilter rwm-rewriteRule "(.*\\()?secret=[^\\)]*(\\).*)?" "$1secret=*$2" This turns any search filter against the secret attribute into * in order to thwart brute force attempt. Used with a search level ACL, this will cause the server will only reveal if the attribute is present or not. I gave it a try and it seems to work. Any comment? An improvement would be to exempt some users (a group) from this rule. Any idea how I can do that? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz [email protected]
