git: use force fetch and update for target ref. This solves a case when in PRs a target is force updated and is out of sync. Before we used a pull which --ff-only fails obviously because two are out of sync. This change uses new logic that resets the target branch according to the source target branch allowing smooth merge simulation.

File last commit:

r2635:1a07b261 default
r2784:e8c62649 default
sec-sophos-umc.rst

Securing Your Server via Sophos UTM 9

Below is an example configuration for Sophos UTM 9 Webserver Protection:

Sophos UTM 9 Webserver Protection
Web Application Firewall based on apache2 mod_security2
--------------------------------------------------
1. Firewall Profiles -> Firewall Profile
--------------------------------------------------
Name: RhodeCode (can be anything)
Mode: Reject
Hardening & Signing:
    [ ] Static URL hardening
    [ ] Form hardening
    [x] Cookie Signing
Filtering:
    [x] Block clients with bad reputation
    [x] Common Threats Filter
    [ ] Rigid Filtering
        Skip Filter Rules:
            960015
            950120
            981173
            970901
            960010
            960032
            960035
            958291
            970903
            970003
Common Threat Filter Categories:
    [x] Protocol violations
    [x] Protocol anomalies
    [x] Request limit
    [x] HTTP policy
    [x] Bad robots
    [x] Generic attacks
    [x] SQL injection attacks
    [x] XSS attacks
    [x] Tight security
    [x] Trojans
    [x] Outbound
Scanning:
    [ ] Enable antivirus scanning
    [ ] Block uploads by MIME type
--------------------------------------------------
2. Web Application Firewall -> Real Webservers
--------------------------------------------------
Name: RhodeCode (can be anything)
Host: Your RhodeCode-Server (UTM object)
Type: Encrypted (HTTPS)
Port: 443
--------------------------------------------------
3. Web Application Firewall -> Virtual Webservers
--------------------------------------------------
Name: RhodeCode (can be anything)
Interface: WAN (your WAN interface)
Type: Encrypted (HTTPS) & redirect
Certificate: Wildcard or matching domain certificate
    Domains (in case of Wildcard certificate):
        rhodecode.yourcompany.com (match your DNS configuration)
        gist.yourcompany.com (match your DNS & RhodeCode configuration)
Real Webservers for path '/':
    [x] RhodeCode (created in step 2)
Firewall: RhodeCode (created in step 1)
--------------------------------------------------
4. Firewall Profiles -> Exceptions
--------------------------------------------------
Name: RhodeCode exceptions (can be anything)
Skip these checks:
    [ ] Cookie signing
    [ ] Static URL Hardening
    [ ] Form hardening
    [x] Antivirus scanning
    [x] True file type control
    [ ] Block clients with bad reputation
Skip these categories:
    [ ] Protocol violations
    [x] Protocol anomalies
    [x] Request limits
    [ ] HTTP policy
    [ ] Bad robots
    [ ] Generic attacks
    [ ] SQL injection attacks
    [ ] XSS attacks
    [ ] Tight security
    [ ] Trojans
    [x] Outbound
Virtual Webservers:
    [x] RhodeCode (created in step 3)
For All Requests:
    Web requests matching this pattern:
        /_channelstream/ws
        /Repository1/*
        /Repository2/*
        /Repository3/*