Show More
| @@ -0,0 +1,101 b'' | |||
|
|
1 | .. _sec-your-server: | |
|
|
2 | ||
|
|
3 | Securing Your Server via Sophos UTM 9 | |
|
|
4 | ------------------------------------- | |
|
|
5 | ||
|
|
6 | ||
|
|
7 | ||
|
|
8 | Below is an example configuration for Sophos UTM 9 Webserver Protection:: | |
|
|
9 | ||
|
|
10 | Sophos UTM 9 Webserver Protection | |
|
|
11 | Web Application Firewall based on apache2 modesecurity2 | |
|
|
12 | -------------------------------------------------- | |
|
|
13 | 1. Firewall Profiles -> Firewall Profile | |
|
|
14 | -------------------------------------------------- | |
|
|
15 | Name: RhodeCode (can be anything) | |
|
|
16 | Mode: Reject | |
|
|
17 | Hardening & Signing: | |
|
|
18 | [ ] Static URL hardeninig | |
|
|
19 | [ ] Form hardening | |
|
|
20 | [x] Cookie Signing | |
|
|
21 | Filtering: | |
|
|
22 | [x] Block clients with bad reputation | |
|
|
23 | [x] Common Threats Filter | |
|
|
24 | [ ] Rigid Filtering | |
|
|
25 | Skip Filter Rules: | |
|
|
26 | 960015 | |
|
|
27 | 950120 | |
|
|
28 | 981173 | |
|
|
29 | 970901 | |
|
|
30 | 960010 | |
|
|
31 | 960032 | |
|
|
32 | 960035 | |
|
|
33 | 958291 | |
|
|
34 | 970903 | |
|
|
35 | 970003 | |
|
|
36 | Common Threat Filter Categories: | |
|
|
37 | [x] Protocol violations | |
|
|
38 | [x] Protocol anomalies | |
|
|
39 | [x] Request limit | |
|
|
40 | [x] HTTP policy | |
|
|
41 | [x] Bad robots | |
|
|
42 | [x] Generic attacks | |
|
|
43 | [x] SQL injection attacks | |
|
|
44 | [x] XSS attacks | |
|
|
45 | [x] Tight security | |
|
|
46 | [x] Trojans | |
|
|
47 | [x] Outbound | |
|
|
48 | Scanning: | |
|
|
49 | [ ] Enable antivirus scanning | |
|
|
50 | [ ] Block uploads by MIME type | |
|
|
51 | -------------------------------------------------- | |
|
|
52 | 2. Web Application Firewall -> Real Webservers | |
|
|
53 | -------------------------------------------------- | |
|
|
54 | Name: RhodeCode (can be anything) | |
|
|
55 | Host: Your RhodeCode-Server (UTM object) | |
|
|
56 | Type: Encrypted (HTTPS) | |
|
|
57 | Port: 443 | |
|
|
58 | -------------------------------------------------- | |
|
|
59 | 3. Web Application Firewall -> Virual Webservers | |
|
|
60 | -------------------------------------------------- | |
|
|
61 | Name: RhodeCode (can be anything) | |
|
|
62 | Interface: WAN (your WAN interface) | |
|
|
63 | Type: Encrypted (HTTPS) & redirect | |
|
|
64 | Certificate: Wildcard or matching domain certificate | |
|
|
65 | Domains (in case of Wildcard certificate): | |
|
|
66 | rhodecode.yourcompany.com (match your DNS configuration) | |
|
|
67 | gist.yourcompany.com (match your DNS & RhodeCode configuration) | |
|
|
68 | Real Webservers for path '/': | |
|
|
69 | [x] RhodeCode (created in step 2) | |
|
|
70 | Firewall: RhodeCode (created in step 1) | |
|
|
71 | -------------------------------------------------- | |
|
|
72 | 4. Firewall Profiles -> Exceptions | |
|
|
73 | -------------------------------------------------- | |
|
|
74 | Name: RhodeCode exceptions (can be anything) | |
|
|
75 | Skip these checks: | |
|
|
76 | [ ] Cookie signing | |
|
|
77 | [ ] Static URL Hardening | |
|
|
78 | [ ] Form hardening | |
|
|
79 | [x] Antivirus scanning | |
|
|
80 | [x] True file type control | |
|
|
81 | [ ] Block clients with bad reputation | |
|
|
82 | Skip these categories: | |
|
|
83 | [ ] Protocol violations | |
|
|
84 | [x] Protocol anomalies | |
|
|
85 | [x] Request limits | |
|
|
86 | [ ] HTTP policy | |
|
|
87 | [ ] Bad robots | |
|
|
88 | [ ] Generic attacks | |
|
|
89 | [ ] SQL injection attacks | |
|
|
90 | [ ] XSS attacks | |
|
|
91 | [ ] Tight security | |
|
|
92 | [ ] Trojans | |
|
|
93 | [x] Outbound | |
|
|
94 | Virtual Webservers: | |
|
|
95 | [x] RhodeCode (created in step 3) | |
|
|
96 | For All Requests: | |
|
|
97 | Web requests matching this pattern: | |
|
|
98 | /_channelstream/ws | |
|
|
99 | /Repository1/* | |
|
|
100 | /Repository2/* | |
|
|
101 | /Repository3/* No newline at end of file | |
General Comments 0
You need to be logged in to leave comments.
Login now