This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Application Firewall with One Time Password (OTP)

I have setup the web application firewall with a virtual webserver. This proxies HTTPS requests through to my internal server. This server has it's own web based authentication. This is all working as expected.

I am looking at further securing the site with the One Time Password feature which i have been testing out. I have:

Enabled OTP, Set all users to must use OTP, set auto-create OTP tokens, and enabled the feature for the User Portal and the web application firewall.

If i go to the user portal, OTP is working as expected. If i go to my web application, nothing is changed, i hit the standard login and go through to my server.

Is there any other configuration that i am missing?

This thread was automatically locked due to age.

0 MAV41 over 9 years ago

Hi TR_Sennell_Sophos,

Have you made any progress implementing Web Application Firewall with OTP?

Thanks.
Cancel
Vote Up 0 Vote Down

Cancel
0 vilic over 9 years ago

Hi,

How did you (if ever) configure reverse authentication for the virtual webserver ?

WAF with OTP will work only if you use UTM form-based or basic authentication as a front-end and basic or none on the real web server.

Form-to-Form WAF OTP authentication is still not implemented, but there is a feature request for it:
Web Application Firewall OTP support for form to form authenticationf
Cancel
Vote Up 0 Vote Down

Cancel