Protection policies
Using policies, you can define protection from vulnerability exploits, such as cookie, URL, and form manipulation.
Policies also mitigate common threats, such as application and cross-site scripting (XSS) attacks.
Sophos Firewall provides default policies for some common web services, for example Exchange Autodiscover.
Migrated protection policies
SFOS 18.0 has implemented changes in the categories and settings of web server rules and protection policies based on the OWASP ModSecurity Core Rule Set 3.0.
Sophos Firewall has merged some protection categories into a single category, mapped filter rules to new rule IDs, and introduced filtering strength levels.
Note
If you turned on a category earlier, the new category into which it's merged is turned on during migration. For example, if a pre-migration policy has Protocol violations turned on and Protocol anomalies turned off, the post-migration category Protocol enforcement, which contains both categories, is turned on.
Pre-migration | Post-migration |
---|---|
Protocol violations<br>Protocol anomalies<br>Request limits<br>HTTP policy | Protocol enforcement |
Generic attacks<br>Tight security | Application attacks |
Bad robots | Scanner detection |
Outbound | Data leakage |
Rigid filtering | Filter strength with four levels of filtering. Rigid filtering setting migrates to Level 1 (Most permissive) setting. We recommend that you evaluate your protection policies and change the setting, if necessary. |
Trojans | Removed the category. Anti-virus scanning protects from trojans. |
Rule IDs in Skip filter rules | Rules have been mapped to new rule IDs. For skipped rules that map to a new rule ID, the new rule continues to be skipped after migration. Unmapped rules and rules that have been removed or merged into a new rule are removed from the skip rule list. |
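
The migration rules in the table above, as an added example (not Sophos code): a Python sketch that applies them to one pre-migration policy and lists what to review afterwards. The policy dictionary layout, the `migrate` function and the rule-ID map are assumptions for illustration, and the rule IDs are constructed placeholders.

```python
# Added illustration. The policy layout and rule-ID map are assumptions,
# not a Sophos Firewall export format.
MERGED = {
    "Protocol enforcement": ["Protocol violations", "Protocol anomalies",
                             "Request limits", "HTTP policy"],
    "Application attacks": ["Generic attacks", "Tight security"],
    "Scanner detection": ["Bad robots"],
    "Data leakage": ["Outbound"],
}

def migrate(policy, rule_id_map):
    """Return (post_migration_policy, review_findings) for one policy."""
    old = policy["categories"]
    new_cats, findings = {}, []
    for target, sources in MERGED.items():
        on = [s for s in sources if old.get(s)]
        off = [s for s in sources if not old.get(s)]
        new_cats[target] = bool(on)  # any source on -> merged category on
        if on and off:
            findings.append(f"{target}: now also covers {', '.join(off)}, previously off")
    if old.get("Trojans"):
        findings.append("Trojans: category removed; confirm anti-virus scanning is on")
    # The page says the Rigid filtering setting migrates to Level 1;
    # this sketch assumes that applies to every migrated policy.
    findings.append("Filter strength: Level 1 (Most permissive); evaluate and change if necessary")
    kept = [rule_id_map[r] for r in policy["skip_rules"] if r in rule_id_map]
    dropped = [r for r in policy["skip_rules"] if r not in rule_id_map]
    if dropped:
        findings.append(f"Skip rules dropped (unmapped, removed or merged): {dropped}")
    return {"categories": new_cats, "filter_strength": 1, "skip_rules": kept}, findings

# Constructed sample: category states and rule IDs are placeholders.
SAMPLE = {
    "categories": {"Protocol violations": True, "Protocol anomalies": False,
                   "Request limits": False, "HTTP policy": False,
                   "Generic attacks": False, "Tight security": False,
                   "Bad robots": True, "Outbound": False, "Trojans": True},
    "skip_rules": ["OLD-1", "OLD-2"],
}
SAMPLE_MAP = {"OLD-1": "NEW-1"}  # OLD-2 has no post-migration equivalent

if __name__ == "__main__":
    post, findings = migrate(SAMPLE, SAMPLE_MAP)
    print(post)
    for finding in findings:
        print("REVIEW:", finding)
```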