Dear all,

In an attempt to tighten the security of our new Traso website, our proxy in front of the web server has been carefully modified: some state-of-the-art techniques have been implemented which brought our security rating from Grade F to Grade B.

Important: This affects all our systems which are reachable externally - including


By now, everything looks fine. Please tell me if customers notify us of problems accessing our systems.

Kind Regards

Gunnar



DETAILS

The HAProxy web frontend has been extended by

    http-response set-header X-Frame-Options SAMEORIGIN
    http-response set-header X-XSS-Protection 1;mode=block
    http-response set-header X-Content-Type-Options nosniff
    http-response set-header Referrer-Policy strict-origin-when-cross-origin
    http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload;

CSP has not been enabled; this would require extensive testing and is handled in AD-690.


-- 

Kind regards

Gunnar Mann 

- System Administration -
________________________________________________________ 

TraSo GmbH

Nonnenstraße 42
D-04229 Leipzig

Tel.: +49 341 355 740 76 
Fax: +49 341 355 740 21 
E-Mail: g.mann@traso.de 


________________________________________________________
Managing Director: Haiko Gerdes
Commercial Register: Amtsgericht Leipzig (Leipzig Local Court), HRB 21850
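
A check that a response actually carries the five headers listed under DETAILS, added here as an example and not part of the original e-mail. The sample responses are constructed, and the function names are illustrative.

```python
# Expected values mirror the HAProxy lines quoted in the e-mail.
EXPECTED = {
    "x-frame-options": "sameorigin",
    "x-xss-protection": "1;mode=block",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
}
HSTS_MAX_AGE = 31536000  # max-age from the e-mail's config

# Constructed sample responses (not captured from any real system).
GOOD = ("HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n"
        "X-XSS-Protection: 1;mode=block\r\nX-Content-Type-Options: nosniff\r\n"
        "Referrer-Policy: strict-origin-when-cross-origin\r\n"
        "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;\r\n\r\n")
BAD = ("HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOWALL\r\n"
       "Strict-Transport-Security: max-age=300; preload\r\n\r\n<html>x: y</html>")


def parse_headers(raw):
    """Parse a raw response head into {lowercased name: value}."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # drop body and status line
    pairs = (line.partition(":") for line in head)
    return {n.strip().lower(): v.strip() for n, _, v in pairs}


def parse_hsts(value):
    """Split an HSTS value into directives, ignoring empty ones (trailing ';')."""
    parts = (p.strip().partition("=") for p in value.split(";"))
    return {k.lower(): v.strip('"') for k, _, v in parts if k}


def audit(raw):
    """Return sorted findings; an empty list means all five headers match."""
    headers, findings = parse_headers(raw), []
    for name, want in EXPECTED.items():
        got = headers.get(name)
        if got is None:
            findings.append(f"{name}: missing")
        elif got.replace(" ", "").lower() != want:
            findings.append(f"{name}: unexpected value {got!r}")
    hsts = parse_hsts(headers.get("strict-transport-security", ""))
    age = hsts.get("max-age", "")
    if not age.isdigit() or int(age) < HSTS_MAX_AGE:
        findings.append(f"strict-transport-security: max-age missing or below {HSTS_MAX_AGE}")
    findings += [f"strict-transport-security: {flag} not set"
                 for flag in ("includesubdomains", "preload") if flag not in hsts]
    return sorted(findings)
```

Feeding `audit()` the raw response head from each externally reachable frontend gives a quick regression check after proxy changes.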