rhodecode-enterprise-ce Commit - r2428:27f2c76b

docs: added sophos utm9 example config

marcink -

r2428:27f2c76b default

parent child

docs/admin/sec-sophos-umc.rst

0 created 644 +101 0

@@ -0,0 +1,101 b''
	1	.. _sec-your-server:
	2
	3	Securing Your Server via Sophos UTM 9
	4	-------------------------------------
	5
	6
	7
	8	Below is an example configuration for Sophos UTM 9 Webserver Protection::
	9
	10	Sophos UTM 9 Webserver Protection
	11	Web Application Firewall based on apache2 modesecurity2
	12	--------------------------------------------------
	13	1. Firewall Profiles -> Firewall Profile
	14	--------------------------------------------------
	15	Name: RhodeCode (can be anything)
	16	Mode: Reject
	17	Hardening & Signing:
	18	[ ] Static URL hardeninig
	19	[ ] Form hardening
	20	[x] Cookie Signing
	21	Filtering:
	22	[x] Block clients with bad reputation
	23	[x] Common Threats Filter
	24	[ ] Rigid Filtering
	25	Skip Filter Rules:
	26	960015
	27	950120
	28	981173
	29	970901
	30	960010
	31	960032
	32	960035
	33	958291
	34	970903
	35	970003
	36	Common Threat Filter Categories:
	37	[x] Protocol violations
	38	[x] Protocol anomalies
	39	[x] Request limit
	40	[x] HTTP policy
	41	[x] Bad robots
	42	[x] Generic attacks
	43	[x] SQL injection attacks
	44	[x] XSS attacks
	45	[x] Tight security
	46	[x] Trojans
	47	[x] Outbound
	48	Scanning:
	49	[ ] Enable antivirus scanning
	50	[ ] Block uploads by MIME type
	51	--------------------------------------------------
	52	2. Web Application Firewall -> Real Webservers
	53	--------------------------------------------------
	54	Name: RhodeCode (can be anything)
	55	Host: Your RhodeCode-Server (UTM object)
	56	Type: Encrypted (HTTPS)
	57	Port: 443
	58	--------------------------------------------------
	59	3. Web Application Firewall -> Virual Webservers
	60	--------------------------------------------------
	61	Name: RhodeCode (can be anything)
	62	Interface: WAN (your WAN interface)
	63	Type: Encrypted (HTTPS) & redirect
	64	Certificate: Wildcard or matching domain certificate
	65	Domains (in case of Wildcard certificate):
	66	rhodecode.yourcompany.com (match your DNS configuration)
	67	gist.yourcompany.com (match your DNS & RhodeCode configuration)
	68	Real Webservers for path '/':
	69	[x] RhodeCode (created in step 2)
	70	Firewall: RhodeCode (created in step 1)
	71	--------------------------------------------------
	72	4. Firewall Profiles -> Exceptions
	73	--------------------------------------------------
	74	Name: RhodeCode exceptions (can be anything)
	75	Skip these checks:
	76	[ ] Cookie signing
	77	[ ] Static URL Hardening
	78	[ ] Form hardening
	79	[x] Antivirus scanning
	80	[x] True file type control
	81	[ ] Block clients with bad reputation
	82	Skip these categories:
	83	[ ] Protocol violations
	84	[x] Protocol anomalies
	85	[x] Request limits
	86	[ ] HTTP policy
	87	[ ] Bad robots
	88	[ ] Generic attacks
	89	[ ] SQL injection attacks
	90	[ ] XSS attacks
	91	[ ] Tight security
	92	[ ] Trojans
	93	[x] Outbound
	94	Virtual Webservers:
	95	[x] RhodeCode (created in step 3)
	96	For All Requests:
	97	Web requests matching this pattern:
	98	/_channelstream/ws
	99	/Repository1/*
	100	/Repository2/*
	101	/Repository3/* No newline at end of file

docs/admin/security-tips.rst

0 +1 0

                sec-x-frame
                sec-instance-basics
                sec-ip-white
+               sec-sophos-umc

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages