Two Factor Failure

What It Means

This request failed to provide the additional authentication information required by the WAF’s two-factor protection.

Why It Matters

Two-factor protection on the WAF adds an extra layer of security beyond your application’s own login system. Even if an attacker has valid credentials, they cannot access protected pages without also passing the WAF’s authentication challenge.

Common Triggers

Requests to protected pages where the visitor has not completed the WAF’s additional authentication step, or where the authentication token has expired.

What To Do

If a legitimate team member is seeing this block, they need to complete the WAF’s two-factor authentication challenge. Ensure your team knows which pages require this additional step. If you need to adjust which pages are protected, review your WAF dashboard settings.