Can I use rate-limiting with HTTP basic authentication in Apache?

security apache-2.4 http-basic-authentication ufw rate-limiting

HTTP basic authentication is done by sending an additional header in the each and every request the client makes, i.e. for each and every resource.

Authorization: Basic <credentials>

If you do not provide this header in a request, you will be prompted to provide credentials.

There is thus no single login page which you can protect by any kind of rate limiting or firewall rules. Rate limiting all pages also is not an option. Should you rate limit each IP address to only one request per second, valid users can only fetch one resource per second. Loading a web page, two style sheets, and four images, would thus take at least seven seconds.

Related

COMMAND TO DISPLAY SPECIFIC LINES IN A SCRIPT [closed]
Set Environment Variables on Azure App Service (Docker Instance)
Lets Encrypt Auto Renew Quiet Mode Error
Are two different hard drives the exact same size if they claim to have the same one (i.e. 1TB)?
Setting up domain controller on windows 10
Is using shred to wipe Linux SSDs safe?
excel How to sum total working hours with positive and negative time
MS Excel: How to use format painter with just the keyboard?
'at' command intended behaviour? Launching each commands instead of scheduling
How to print multiple copies of one page, multiple pages per sheet in Windows 10?
WINDOWS 10 how to stop "Skype for Business" from starting
Drag and drop a tab to the bookmarks in Chrome