##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
artifacts: expose a special auth-token based artifacts download urls....
artifacts: expose a special auth-token based artifacts download urls. This will allow sharing download to external locations used new generated artifact download tokens. This feature allows also serving downloads using secret urls with all the fancy logic of our auth tokens.
marcink - - Load All Authors

File last commit:

r2635:1a07b261 default
r4003:09f31efc default
Show More
sec-sophos-umc.rst
100 lines | 3.2 KiB | text/x-rst | RstLexer
/ docs / admin / sec-sophos-umc.rst
History | Annotation | Raw |Copy content |Copy permalink

Securing Your Server via Sophos UTM 9

Below is an example configuration for Sophos UTM 9 Webserver Protection:

Sophos UTM 9 Webserver Protection
Web Application Firewall based on apache2 modesecurity2
--------------------------------------------------
1. Firewall Profiles -> Firewall Profile
--------------------------------------------------
Name: RhodeCode (can be anything)
Mode: Reject
Hardening & Signing:
    [ ] Static URL hardeninig
    [ ] Form hardening
    [x] Cookie Signing
Filtering:
    [x] Block clients with bad reputation
    [x] Common Threats Filter
    [ ] Rigid Filtering
        Skip Filter Rules:
            960015
            950120
            981173
            970901
            960010
            960032
            960035
            958291
            970903
            970003
Common Threat Filter Categories:
    [x] Protocol violations
    [x] Protocol anomalies
    [x] Request limit
    [x] HTTP policy
    [x] Bad robots
    [x] Generic attacks
    [x] SQL injection attacks
    [x] XSS attacks
    [x] Tight security
    [x] Trojans
    [x] Outbound
Scanning:
    [ ] Enable antivirus scanning
    [ ] Block uploads by MIME type
--------------------------------------------------
2. Web Application Firewall -> Real Webservers
--------------------------------------------------
Name: RhodeCode (can be anything)
Host: Your RhodeCode-Server (UTM object)
Type: Encrypted (HTTPS)
Port: 443
--------------------------------------------------
3. Web Application Firewall -> Virual Webservers
--------------------------------------------------
Name: RhodeCode (can be anything)
Interface: WAN (your WAN interface)
Type: Encrypted (HTTPS) & redirect
Certificate: Wildcard or matching domain certificate
    Domains (in case of Wildcard certificate):
        rhodecode.yourcompany.com (match your DNS configuration)
        gist.yourcompany.com (match your DNS & RhodeCode configuration)
Real Webservers for path '/':
    [x] RhodeCode (created in step 2)
Firewall: RhodeCode (created in step 1)
--------------------------------------------------
4. Firewall Profiles -> Exceptions
--------------------------------------------------
Name: RhodeCode exceptions (can be anything)
Skip these checks:
    [ ] Cookie signing
    [ ] Static URL Hardening
    [ ] Form hardening
    [x] Antivirus scanning
    [x] True file type control
    [ ] Block clients with bad reputation
Skip these categories:
    [ ] Protocol violations
    [x] Protocol anomalies
    [x] Request limits
    [ ] HTTP policy
    [ ] Bad robots
    [ ] Generic attacks
    [ ] SQL injection attacks
    [ ] XSS attacks
    [ ] Tight security
    [ ] Trojans
    [x] Outbound
Virtual Webservers:
    [x] RhodeCode (created in step 3)
For All Requests:
    Web requests matching this pattern:
        /_channelstream/ws
        /Repository1/*
        /Repository2/*
        /Repository3/*