##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
feat(configs): deprecared old hooks protocol and ssh wrapper....
feat(configs): deprecared old hooks protocol and ssh wrapper. New defaults are now set on v2 keys, so previous installation are automatically set to new keys. Fallback mode is still available.
marcink - - Load All Authors

File last commit:

r2635:1a07b261 default
r5496:cab50adf default
Show More
sec-sophos-umc.rst
100 lines | 3.2 KiB | text/x-rst | RstLexer
/ docs / admin / sec-sophos-umc.rst
History | Source | Raw |Copy content |Copy permalink
marcink
docs: fixed some build errors
 r2635 .. _sec-sophos-umc:
marcink
docs: added sophos utm9 example config
 r2428
Securing Your Server via Sophos UTM 9
-------------------------------------
Below is an example configuration for Sophos UTM 9 Webserver Protection::
Sophos UTM 9 Webserver Protection
Web Application Firewall based on apache2 modesecurity2
--------------------------------------------------
1. Firewall Profiles -> Firewall Profile
--------------------------------------------------
Name: RhodeCode (can be anything)
Mode: Reject
Hardening & Signing:
[ ] Static URL hardeninig
[ ] Form hardening
[x] Cookie Signing
Filtering:
[x] Block clients with bad reputation
[x] Common Threats Filter
[ ] Rigid Filtering
Skip Filter Rules:
960015
950120
981173
970901
960010
960032
960035
958291
970903
970003
Common Threat Filter Categories:
[x] Protocol violations
[x] Protocol anomalies
[x] Request limit
[x] HTTP policy
[x] Bad robots
[x] Generic attacks
[x] SQL injection attacks
[x] XSS attacks
[x] Tight security
[x] Trojans
[x] Outbound
Scanning:
[ ] Enable antivirus scanning
[ ] Block uploads by MIME type
--------------------------------------------------
2. Web Application Firewall -> Real Webservers
--------------------------------------------------
Name: RhodeCode (can be anything)
Host: Your RhodeCode-Server (UTM object)
Type: Encrypted (HTTPS)
Port: 443
--------------------------------------------------
3. Web Application Firewall -> Virual Webservers
--------------------------------------------------
Name: RhodeCode (can be anything)
Interface: WAN (your WAN interface)
Type: Encrypted (HTTPS) & redirect
Certificate: Wildcard or matching domain certificate
Domains (in case of Wildcard certificate):
rhodecode.yourcompany.com (match your DNS configuration)
gist.yourcompany.com (match your DNS & RhodeCode configuration)
Real Webservers for path '/':
[x] RhodeCode (created in step 2)
Firewall: RhodeCode (created in step 1)
--------------------------------------------------
4. Firewall Profiles -> Exceptions
--------------------------------------------------
Name: RhodeCode exceptions (can be anything)
Skip these checks:
[ ] Cookie signing
[ ] Static URL Hardening
[ ] Form hardening
[x] Antivirus scanning
[x] True file type control
[ ] Block clients with bad reputation
Skip these categories:
[ ] Protocol violations
[x] Protocol anomalies
[x] Request limits
[ ] HTTP policy
[ ] Bad robots
[ ] Generic attacks
[ ] SQL injection attacks
[ ] XSS attacks
[ ] Tight security
[ ] Trojans
[x] Outbound
Virtual Webservers:
[x] RhodeCode (created in step 3)
For All Requests:
Web requests matching this pattern:
/_channelstream/ws
/Repository1/*
/Repository2/*
/Repository3/*