How to Limit Login Requests on Datameer's Basic Authentication

Goal

Prevent brute force and other malicious login attempts when using Datameer's basic authentication system.

Learn

As of version 5.7, Datameer has implemented a CAPTCHA system used to thwart brute force authentication methods. Per default, a user name can try and authenticate three times before being asked for a CAPTCHA to be entered every subsequent attempt. 

Beyond this security measure, Datameer users are responsible to secure HTTP requests on their system trying to access Datameer with basic authentication.

Solution/Workaround

Users may utilize intrusion prevention software (example: Fail2Ban) that read log files from Datameer.

These types of applications trail log files for authentication errors, look for regular expressions, and then work with firewalls to apply blacklists against IP addresses that match a pattern too often. 

Here it would be necessary to monitor the useraction.log for action type AUTHENTICATION.