Thanks for your replies .. I've come up with this solution:(Running Alfresco Community Edition 4.0d on CentOS 6)Install an apache webserver in front of alfresco tomcat. I've found that this also gives you some more flexibility … and you can keep your alfresco completely vanilla if needed. Playing around with apache settings is a lot easier than tomcat!Just forward your apache virtualhost with AJP to tomcat. Add this this to your virtualhost config:ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
Now I've used OSSEC (http://www.ossec.net) to monitor my server, and I've also set it up so it monitors failed logins on my alfresco site.OSSEC works pretty ok out of the box. Just add this to the web_rules.xml file:
<rule id="31163" level="5">
<if_sid>31100</if_sid>
<match>/share/page/type/login?error=true</match>
<options>alert_by_email</options>
<description>Alfresco failed login</description>
<group>invalid_login,</group>
</rule>
<rule id="31164" level="10" frequency="2" timeframe="120" ignore="60">
<if_matched_sid>31163</if_matched_sid>
<description>Multiple failed login attempts on Alfresco portal.</description>
<group>invalid_login,</group>
</rule>
The first rule will monitor you apache log for "/share/page/type/login?error=true" and it will send an email when it occurs. The second rule will block the originating IP-address if multiple failed logins are seen. By default it will block for 600 seconds but you can alter this in OSSEC.Make sure you add your apache log file to ossec.conf like this: <localfile>
<log_format>apache</log_format>
<location>/var/log/httpd/access_log</location>
</localfile>
There still some work to do like moving the OSSEC rules to a separate file (the standard files are overwritten during update), but it's quite functional as it is right now.Let me know if you like my solution and if you need any help implementing it.
