##// END OF EJS Templates
u » ewong » rhodecode-enterprise-ce-fork
RSS

Fork of rhodecode-enterprise-ce

docs: added sophos utm9 example config
marcink -
r2428:27f2c76b default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -0,0 +1,101 b''
1 .. _sec-your-server:
2
3 Securing Your Server via Sophos UTM 9
4 -------------------------------------
5
6
7
8 Below is an example configuration for Sophos UTM 9 Webserver Protection::
9
10 Sophos UTM 9 Webserver Protection
11 Web Application Firewall based on apache2 modesecurity2
12 --------------------------------------------------
13 1. Firewall Profiles -> Firewall Profile
14 --------------------------------------------------
15 Name: RhodeCode (can be anything)
16 Mode: Reject
17 Hardening & Signing:
18 [ ] Static URL hardeninig
19 [ ] Form hardening
20 [x] Cookie Signing
21 Filtering:
22 [x] Block clients with bad reputation
23 [x] Common Threats Filter
24 [ ] Rigid Filtering
25 Skip Filter Rules:
26 960015
27 950120
28 981173
29 970901
30 960010
31 960032
32 960035
33 958291
34 970903
35 970003
36 Common Threat Filter Categories:
37 [x] Protocol violations
38 [x] Protocol anomalies
39 [x] Request limit
40 [x] HTTP policy
41 [x] Bad robots
42 [x] Generic attacks
43 [x] SQL injection attacks
44 [x] XSS attacks
45 [x] Tight security
46 [x] Trojans
47 [x] Outbound
48 Scanning:
49 [ ] Enable antivirus scanning
50 [ ] Block uploads by MIME type
51 --------------------------------------------------
52 2. Web Application Firewall -> Real Webservers
53 --------------------------------------------------
54 Name: RhodeCode (can be anything)
55 Host: Your RhodeCode-Server (UTM object)
56 Type: Encrypted (HTTPS)
57 Port: 443
58 --------------------------------------------------
59 3. Web Application Firewall -> Virual Webservers
60 --------------------------------------------------
61 Name: RhodeCode (can be anything)
62 Interface: WAN (your WAN interface)
63 Type: Encrypted (HTTPS) & redirect
64 Certificate: Wildcard or matching domain certificate
65 Domains (in case of Wildcard certificate):
66 rhodecode.yourcompany.com (match your DNS configuration)
67 gist.yourcompany.com (match your DNS & RhodeCode configuration)
68 Real Webservers for path '/':
69 [x] RhodeCode (created in step 2)
70 Firewall: RhodeCode (created in step 1)
71 --------------------------------------------------
72 4. Firewall Profiles -> Exceptions
73 --------------------------------------------------
74 Name: RhodeCode exceptions (can be anything)
75 Skip these checks:
76 [ ] Cookie signing
77 [ ] Static URL Hardening
78 [ ] Form hardening
79 [x] Antivirus scanning
80 [x] True file type control
81 [ ] Block clients with bad reputation
82 Skip these categories:
83 [ ] Protocol violations
84 [x] Protocol anomalies
85 [x] Request limits
86 [ ] HTTP policy
87 [ ] Bad robots
88 [ ] Generic attacks
89 [ ] SQL injection attacks
90 [ ] XSS attacks
91 [ ] Tight security
92 [ ] Trojans
93 [x] Outbound
94 Virtual Webservers:
95 [x] RhodeCode (created in step 3)
96 For All Requests:
97 Web requests matching this pattern:
98 /_channelstream/ws
99 /Repository1/*
100 /Repository2/*
101 /Repository3/* No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,15 +1,16 b''
1 .. _sec-tips:
1 .. _sec-tips:
2
2
3 =============
3 =============
4 Security Tips
4 Security Tips
5 =============
5 =============
6
6
7 The following section contains security tips for ensuring your |RCE|
7 The following section contains security tips for ensuring your |RCE|
8 instances are configured in as secure a manner as possible.
8 instances are configured in as secure a manner as possible.
9
9
10 .. toctree::
10 .. toctree::
11
11
12 sec-your-server
12 sec-your-server
13 sec-x-frame
13 sec-x-frame
14 sec-instance-basics
14 sec-instance-basics
15 sec-ip-white
15 sec-ip-white
16 sec-sophos-umc
General Comments 0
You need to be logged in to leave comments. Login now