As SSL or not SSL is handled by Apache, there is no way to configure
something within privacyIDEA.
So yes, you need to start Virtualhost:80.
You might configure Apache in such a way that it blocks/disallows access
on port 80.
What are you inspecting with your IPS?
These might be good ideas to improve privacyIDEA.
You may take a look at the policy auth_max_fail.
If more than a given number of failed authentication requests for a user
arrive within a time frame, even a successful auth will not be possible.
This is a basic way to avoid brute force.
Cornelius

On Saturday, 07.05.2016, 00:00 -0700, firstname.lastname@example.org wrote:
Hello and good morning to all!
I have a small question to ask you.
Well, I’m using privacyIDEA + Apache2 and the functioning/integration
with the web server is good and correct (SSLEngine,
SSLCertificateFile, SSLCertificateKeyFile, etc…), with the ability
to change other settings such as: SSLProtocol, SSLCipherSuite, etc…
But I need to “expose” (only internally) the validation function
(example “/validate/check”) in HTTP without SSL for two/three reasons.
In my case:
- here will transit only “user/token” (no critical or sensitive
- the connection from Application to privacyIDEA is in LAN/VLAN (local
- in this case I can inspect packets (with IPS) to detect and block
any intrusion attempts (for example if my exposed application will be
Is it possible, or do I need to start a second instance? (something like
WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi
WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=
Thank you very much and have a nice weekend!
+49 151 2960 1417
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Managing Director: Cornelius Kölbel
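
The port-80 virtual host suggested in the reply above, as an added example that is not part of the original thread or of the privacyIDEA project's own configuration: it serves the same WSGI application over plain HTTP, but answers only /validate/check and only for the application network. It assumes Apache 2.4 with mod_wsgi; the server name, the 10.0.0.0/24 range and the daemon process name privacyidea-http are placeholders.

```apache
# Added example. Assumptions: Apache 2.4 + mod_wsgi; ServerName, the
# 10.0.0.0/24 application VLAN and the process group name are placeholders.
<VirtualHost *:80>
    ServerName privacyidea.internal.example

    # mod_wsgi daemon process names must be unique per server, so this
    # vhost uses a different name than the one in the existing SSL vhost.
    WSGIDaemonProcess privacyidea-http processes=1 threads=15
    WSGIProcessGroup privacyidea-http
    WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi

    # Default for this vhost: nothing is reachable over plain HTTP
    # (web UI, /auth, /token and every other endpoint stay HTTPS-only).
    <Location "/">
        Require all denied
    </Location>

    # Later <Location> sections take precedence over earlier ones, so the
    # validation endpoint is reopened, but only for the application hosts.
    <Location "/validate/check">
        Require ip 10.0.0.0/24
    </Location>
</VirtualHost>
```

The auth_max_fail policy mentioned in the reply still applies to requests arriving through this virtual host, since both virtual hosts run the same privacyIDEA application.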