Network Guys

Share your knowledge!

Securing ownCloud with Sophos UTM Webserver Protection

Hi guys!

To secure your ownCloud access via Sophos UTM Webserver Protection, you will need to add your local webserver (in my case a Raspberry Pi; tutorial here) to the webserver protection module:

[Screenshot: owncloud-utm-realwebserver]

Now we will configure a new firewall policy specifically for our requirements:

[Screenshot: owncloud-utm-firewall]

For the Antivirus option, I configured uploads only. After this we need to configure a virtual webserver (the reverse proxy from the UTM):

[Screenshot: owncloud-utm-virtualwebserver]

You can generate a trusted SSL certificate for free for personal use at StartSSL, or you can choose the self-generated WebAdmin certificate from the UTM itself. If you have any questions, just ask in the comments and I will add additional information to this tutorial.

13 Responses

  1. Great doing!
    I have some questions:
    StartSSL does not work for me. I can’t download any certificate. I get certain SSL errors in IE19, Mozilla, Chrome after registering my email address. Maybe you have an alternative free SSL provider.
    I’m unsure which “Domain” I must configure in UTM Webserver Security.
    How do you open your ownCloud externally? https://your-dyndns-of-UTM9/cloud ?
    Thx reredok

  2. Hi
    I’m trying to publish a site over HTTP as I don’t need it over SSL, but I cannot get it accessible through the Astaro box. If I remove the Astaro box and put in a standard router with port forwarding, it works fine, but I’d like to be able to do 2 subsites using reverse proxying.

    Thanks
    Deep

      1. I’ve checked and found that the Astaro box rules are working correctly, but it is the BTHomeHub that is not passing the requests on.
        I currently have it set up like this: BTModem>BTHH>Astaro>LAN, with DMZ to forward all requests on the BTHH to the Astaro box. I would like to get rid of the BTHH but am having issues connecting the Astaro box directly to the BTModem.
        When connected as BTModem>Astaro>LAN, the Astaro box picks up an external IP and gateway but cannot communicate over the WAN, including being able to ping its given gateway. I used the steps from the Astaro forum http://www.astaro.org/gateway-products/hardware-installation-up2date-licensing/36660-vdsl-modem.html. Any help will be greatly appreciated.

        Deep

        1. What happens when you connect your notebook/PC to the modem? Do you get a public IP address? Can you access the internet and ping 8.8.8.8 (Google Public DNS Server)? If yes, please check your settings in the Astaro box (Firewall, NAT, Default Gateway at your WAN interface, etc.).

          1. Thanks for your reply,
            The PC does not get any public IP. I’m going to try and work out how the BTHH is sending data when DMZ is enabled. I have read other forums and noticed a lot of complaints about the DMZ on the BTHH. If this does not work, I might get another VDSL router to replace the BTModem and use that to forward traffic to the Astaro box.

  3. I followed the steps for this, but when I try to access the site I am getting the error Forbidden you do not have permission to access / on this server. Not sure what I am doing wrong here?
