Reference: Authentication types
An authentication type defines the method the web server uses to authenticate the credentials that a web user submits to the login URL.
You define an authentication type for brute force protection in a WAF policy.
Option | Description |
---|---|
None | The web server does not authenticate users trying to access the web application through the login URL. This is the default setting. |
HTML Form | The web application uses a form to collect and authenticate user credentials. If you use this option, you also need to type the names of the user name and password parameters as they are written in the code of the HTML form. |
HTTP Basic Authentication | The user name and password are transmitted Base64-encoded (an encoding, not encryption) and stored on the server in plain text. |
HTTP Digest Authentication | The web server performs the authentication; user names and passwords are not transmitted over the network, nor are they stored in plain text. |
NTLM | Microsoft LAN Manager authentication (also called Integrated Windows Authentication) does not transmit credentials in plain text, but requires a continuous TCP connection between the server and client. |
JSON/AJAX Request | The web server uses JSON and AJAX requests to authenticate users trying to access the web application through the login URL. For this option, you also need to type the name of the JSON element containing the user name and password. |
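
To pick the matching option for an application, it helps to look at how a captured login request actually carries credentials. The sketch below is an added example, not vendor code: it maps one request to an option from the table and reports the parameter or JSON element names that the HTML Form and JSON/AJAX options ask for. The function names, hint substrings and sample request are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import parse_qsl

# Substrings used to guess credential field names (assumed heuristics).
USER_HINTS = ("user", "login", "email")
PASS_HINTS = ("pass", "pwd")

def _pick(names, hints):
    """Return the first name containing one of the hint substrings."""
    return next((n for n in names if any(h in n.lower() for h in hints)), None)

def _fields(names):
    return {"username": _pick(names, USER_HINTS), "password": _pick(names, PASS_HINTS)}

def classify_login(headers, body=""):
    """Map one captured login request to an option from the table.
    Returns (option, details); details carries the parameter or JSON
    element names the HTML Form and JSON/AJAX options ask for.
    """
    h = {k.lower(): v for k, v in headers.items()}
    scheme, _, token = h.get("authorization", "").strip().partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        # Base64 is reversible, so the credentials are readable on the wire.
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
        except ValueError:
            decoded = ""
        return "HTTP Basic Authentication", {"username": decoded.partition(":")[0]}
    if scheme == "digest":
        return "HTTP Digest Authentication", {}
    if scheme == "ntlm":
        return "NTLM", {}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/json":
        try:
            doc = json.loads(body)
        except ValueError:
            return None, {}
        # Only top-level elements are inspected in this sketch.
        return "JSON/AJAX Request", _fields(list(doc) if isinstance(doc, dict) else [])
    if ctype == "application/x-www-form-urlencoded":
        return "HTML Form", _fields([k for k, _ in parse_qsl(body, keep_blank_values=True)])
    return None, {}  # no credential-carrying pattern recognized

# Constructed sample request (not from the page): a JSON login POST.
SAMPLE = ({"Content-Type": "application/json; charset=utf-8"},
          '{"email": "alice@example.test", "passwd": "x"}')
```

A result of `(None, {})` means the request matched none of the patterns checked here; it does not by itself indicate the None option in the table.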