.. _sec-sophos-umc:

Securing Your Server via Sophos UTM 9
-------------------------------------

Below is an example configuration for Sophos UTM 9 Webserver Protection::

    Sophos UTM 9 Webserver Protection
    Web Application Firewall based on apache2 modsecurity2

    --------------------------------------------------
    1. Firewall Profiles -> Firewall Profile
    --------------------------------------------------

    Name: RhodeCode (can be anything)
    Mode: Reject
    Hardening & Signing:
        [ ] Static URL hardening
        [ ] Form hardening
        [x] Cookie Signing
    Filtering:
        [x] Block clients with bad reputation
        [x] Common Threats Filter
        [ ] Rigid Filtering
        Skip Filter Rules:
            960015
            950120
            981173
            970901
            960010
            960032
            960035
            958291
            970903
            970003
    Common Threat Filter Categories:
        [x] Protocol violations
        [x] Protocol anomalies
        [x] Request limit
        [x] HTTP policy
        [x] Bad robots
        [x] Generic attacks
        [x] SQL injection attacks
        [x] XSS attacks
        [x] Tight security
        [x] Trojans
        [x] Outbound
    Scanning:
        [ ] Enable antivirus scanning
        [ ] Block uploads by MIME type

    --------------------------------------------------
    2. Web Application Firewall -> Real Webservers
    --------------------------------------------------

    Name: RhodeCode (can be anything)
    Host: Your RhodeCode-Server (UTM object)
    Type: Encrypted (HTTPS)
    Port: 443

    --------------------------------------------------
    3. Web Application Firewall -> Virtual Webservers
    --------------------------------------------------

    Name: RhodeCode (can be anything)
    Interface: WAN (your WAN interface)
    Type: Encrypted (HTTPS) & redirect
    Certificate: Wildcard or matching domain certificate
    Domains (in case of Wildcard certificate):
        rhodecode.yourcompany.com (match your DNS configuration)
        gist.yourcompany.com (match your DNS & RhodeCode configuration)
    Real Webservers for path '/':
        [x] RhodeCode (created in step 2)
    Firewall: RhodeCode (created in step 1)

    --------------------------------------------------
    4. Firewall Profiles -> Exceptions
    --------------------------------------------------

    Name: RhodeCode exceptions (can be anything)
    Skip these checks:
        [ ] Cookie signing
        [ ] Static URL Hardening
        [ ] Form hardening
        [x] Antivirus scanning
        [x] True file type control
        [ ] Block clients with bad reputation
    Skip these categories:
        [ ] Protocol violations
        [x] Protocol anomalies
        [x] Request limits
        [ ] HTTP policy
        [ ] Bad robots
        [ ] Generic attacks
        [ ] SQL injection attacks
        [ ] XSS attacks
        [ ] Tight security
        [ ] Trojans
        [x] Outbound
    Virtual Webservers:
        [x] RhodeCode (created in step 3)
    For All Requests:
        Web requests matching this pattern:
            /_channelstream/ws
            /Repository1/*
            /Repository2/*
            /Repository3/*