SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.

RSA Self Service Web Tier Behind A Cloud WAF



We have RSA Self Service web tier deployed in our DMZ, allowing temporary token generation.


I am working on adding a cloud WAF (Incapsula) in front of the RSA web tier. When deployed behind the WAF, I can get the initial page, but when I click "Troubleshoot SecurID token" it generates an error. The RSA logs are showing: "The authentication request was routed through a load balancer/Proxy server that is not recognized by the system".


I did a little research on this and it looks I am supposed to supply all possible proxy IPs in the RSA configuration? It looks like there is a maximum of two? Since Incapsula is a cloud WAF there are literally thousands of possible proxy source IP address.


Do you have any input on how I can get this working? How does the RSA web tier even know it's being accessed behind a proxy? Does it look for the existence of the X-Forwarded-For header?


Thank you,


Labels (1)
0 Replies