diff --git a/src/httpconnection.cpp b/src/httpconnection.cpp
index e61a32ca4..07e76031b 100644
--- a/src/httpconnection.cpp
+++ b/src/httpconnection.cpp
@@ -128,17 +128,28 @@ QString HttpConnection::translateDocument(QString data) {
   return data;
 }
 
-void HttpConnection::respond()
-{
+void HttpConnection::respond() {
   //qDebug("Respond called");
+  int nb_fail = parent->client_failed_attempts.value(socket->peerAddress().toString(), 0);
+  if(nb_fail > 2) {
+    generator.setStatusLine(403, "Forbidden");
+    generator.setMessage(tr("Your IP address has been banned after too many failed authentication attempts."));
+    write();
+    return;
+  }
   QStringList auth = parser.value("Authorization").split(" ", QString::SkipEmptyParts);
-  if (auth.size() != 2 || QString::compare(auth[0], "Basic", Qt::CaseInsensitive) != 0 || !parent->isAuthorized(auth[1].toLocal8Bit()))
-  {
+  if (auth.size() != 2 || QString::compare(auth[0], "Basic", Qt::CaseInsensitive) != 0 || !parent->isAuthorized(auth[1].toLocal8Bit())) {
+    // Update failed attempt counter
+    parent->client_failed_attempts.insert(socket->peerAddress().toString(), nb_fail+1);
+    qDebug("client IP: %s (%d failed attempts)", socket->peerAddress().toString().toLocal8Bit().data(), nb_fail);
+    // Return unauthorized header
     generator.setStatusLine(401, "Unauthorized");
     generator.setValue("WWW-Authenticate",  "Basic realm=\"you know what\"");
     write();
     return;
   }
+  // Client sucessfuly authenticated, reset number of failed attempts
+  parent->client_failed_attempts.remove(socket->peerAddress().toString());
   QString url  = parser.url();
   // Favicon
   if(url.endsWith("favicon.ico")) {
diff --git a/src/httpserver.h b/src/httpserver.h
index 25ddc329c..f34069fca 100644
--- a/src/httpserver.h
+++ b/src/httpserver.h
@@ -35,6 +35,7 @@
 #include <QPair>
 #include <QTcpServer>
 #include <QByteArray>
+#include <QHash>
 
 class Bittorrent;
 class QTimer;
@@ -56,6 +57,7 @@ class HttpServer : public QTcpServer {
                 void setAuthorization(QString username, QString password_md5);
 		bool isAuthorized(QByteArray auth) const;
 		EventManager *eventManager() const;
+                QHash<QString, int> client_failed_attempts;
 
 	private slots:
 		void newHttpConnection();