Access from anywhere: securing FOP2

  1. 7 years ago

    We have a customer that needs access to FOP2 from any public IP. They have been using Fonality's HUD and would like a similar experience..

    Apart from strong passwords, what are the best practices for securing FOP2?

  2. admin

    3 Jan 2017 Administrator

    you can use https and strong passwords. You can limit access to /fop2/admin via .htaccess or similar as you might probably do not want access to the manager from everywhere.

    Best regards,

  3. Try to use fail2ban if FOP2 write bad auth in log.

  4. AFAIK FOP2 does not write bad auth anywhere. Does it?

    Also AFAIK, fop2 auth occurs over port 4445 so https would not encrypt those passwords.

    Thanks for great support as always.

  5. admin

    13 Feb 2017 Administrator

    FOP2 does write an audit log if you enable it via the -a command line parameter, including Bad authentication attempts. Try adding -a /var/log/fop2_audit.log to the startup parameters in the /etc/sysconfig/fop2 file if you want.

    As for passwords on the wire, they are hashed/encrypted, they are not transferred plain text.

    Best regards,

or Sign Up to reply!