Does Apache basic authentication defend brute force attacks?

Question

Will it shut down & lock up after repeated false password tries, and/or will it add lags in-between retries? Or does this depend on which modules you or your provider install? Thanks!

Answer 1

default Apache installation does not do that.

usually this is better done by your web application (eg, PHP/JSP) for account attack.

for network attack, better not for web servers because it's hard to identify the source due to so many anonymous / transparent proxy / VPN / NAT stuff. once you've implement that, you'd usually get lots of "why I can't connect" complains...