Hello Sim,
as SSL or not SSL is handled by the Apache, there is no way to configure
something within privacyIDEA.
So yes, you need to start Virtualhost:80.
You might configure apache this way, that is block/disallows accessing
/token
/resolver
/...
on port 80.
What are you inspecting with your IPS?
These might be good ideas to improve privacyIDEA.
You may take a look at the policy auth_max_fail.
If more than a given number of failed authentication request for a user
arrive within a time frame, also a successful auth will not be possible.
This is a basic way to avoid brute force.
http://privacyidea.readthedocs.io/en/latest/policies/authorization.html#auth-max-success
Kind regards
Cornelius
> --
> Please read the blog post about getting help
>
https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
>
https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
>
https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
privacyidea...@googlegroups.com.
> To post to this group, send email to
priva...@googlegroups.com.
> Visit this group at
https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/privacyidea/b54699f4-f958-4076-979d-a53cae657ca7%40googlegroups.com.
> For more options, visit
https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel:
+49 561 3166797, Fax:
+49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel