Dear all,
In an attempt to tighten the security of our new Traso website, our proxy in front of the web server has been carefully modified: some state-of-the-art techniques have been implemented which brought our security rating from Grade F to Grade B.
Important: This affects all our systems which are reachable externally - including
- xadmin
- roundcube
- otrs
- wiki
- ...
So far, everything looks fine. Please tell me if customers report problems accessing our systems.
Kind Regards
Gunnar
DETAILS
The HAProxy web frontend has been extended by
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-XSS-Protection "1; mode=block"
http-response set-header X-Content-Type-Options nosniff
http-response set-header Referrer-Policy strict-origin-when-cross-origin
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
CSP has not been enabled; this would require extensive testing and is handled in AD-690.
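A way to verify that the headers listed above actually reach clients, as an added example that is not part of Gunnar's mail or the Traso configuration: the script parses a raw HTTP response and reports missing or weak headers. Both responses in it are constructed for the example, not captured from any real host, and the accepted values are the checker's own assumptions. Two caveats worth knowing when reading the results: modern Chromium and Firefox ignore X-XSS-Protection entirely, so it is not checked, and the preload directive is only meaningful together with includeSubDomains and a max-age of at least one year, which is what the HSTS preload list requires.

```python
"""Check security response headers after an HAProxy change.

Both HTTP responses below are constructed for this example; nothing here
was captured from a real server.
"""

# Constructed sample: what a correctly configured frontend should return.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n"
    "\r\n"
    "<html></html>"
)

# Constructed sample: a weak configuration the checker should flag.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: ALLOW-FROM https://example.test\r\n"
    "Strict-Transport-Security: max-age=300; preload\r\n"
    "\r\n"
)

# Accepted values per header (assumption of this checker, compared case-insensitively).
EXPECTED = {
    "x-frame-options": {"sameorigin", "deny"},
    "x-content-type-options": {"nosniff"},
    "referrer-policy": {
        "strict-origin-when-cross-origin", "strict-origin",
        "same-origin", "no-referrer",
    },
}


def parse_headers(raw):
    """Return (status_line, {lowercased-name: value}) from a raw HTTP response."""
    head, _, _ = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers


def parse_hsts(value):
    """Split an HSTS value into {directive: value}; directive names lowercased."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # RFC 6797 tolerates empty directives, e.g. a trailing ';'
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def check_headers(raw, min_hsts_age=31536000):
    """Return a list of findings; an empty list means every check passed."""
    _, headers = parse_headers(raw)
    findings = []
    for name, ok_values in EXPECTED.items():
        val = headers.get(name)
        if val is None:
            findings.append(f"missing {name}")
        elif val.lower() not in ok_values:
            findings.append(f"unexpected {name}: {val}")
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("missing strict-transport-security")
    else:
        d = parse_hsts(hsts)
        try:
            age = int(d.get("max-age", ""))
        except ValueError:
            age = -1
        if age < min_hsts_age:
            findings.append(f"hsts max-age too low: {age}")
        if "preload" in d and "includesubdomains" not in d:
            findings.append("hsts preload requires includeSubDomains")
    if "content-security-policy" not in headers:
        findings.append("info: no content-security-policy (tracked separately)")
    return findings


if __name__ == "__main__":
    for label, resp in (("good", SAMPLE_RESPONSE), ("weak", WEAK_RESPONSE)):
        print(label, check_headers(resp) or "all checks passed")
```

To run it against a live host, replace SAMPLE_RESPONSE with the raw response of an HTTPS request (for example the output of `curl -si https://<host>/`) and compare the findings for each externally reachable system listed in the mail.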