diff --git a/source/vendor/deciso/images/OPNWAF_edit_location.png b/source/vendor/deciso/images/OPNWAF_edit_location.png deleted file mode 100644 index b0dda5b3..00000000 Binary files a/source/vendor/deciso/images/OPNWAF_edit_location.png and /dev/null differ diff --git a/source/vendor/deciso/images/OPNWAF_edit_virtual_server.png b/source/vendor/deciso/images/OPNWAF_edit_virtual_server.png deleted file mode 100644 index 61b6da29..00000000 Binary files a/source/vendor/deciso/images/OPNWAF_edit_virtual_server.png and /dev/null differ diff --git a/source/vendor/deciso/opnwaf.rst b/source/vendor/deciso/opnwaf.rst index f062f4e9..73104e12 100644 --- a/source/vendor/deciso/opnwaf.rst +++ b/source/vendor/deciso/opnwaf.rst @@ -78,8 +78,27 @@ With the general settings in place, we can start adding virtual servers to offlo First go to :menuselection:`Firewall --> Web Application --> Gateways` and click on the [+] in the top section of the screen, which defines the virtual servers. -.. image:: images/OPNWAF_edit_virtual_server.png - :width: 90% + +========================================================================================================================= + +================================ ======================================================================================== +Enabled Enable this virtual server +ServerName Fully qualified hostname for this server +Port Port number this vhost will listen on, can easily be combined with firewall nat rules + to map traffic to non standard ports when origination from remote destinations. + (e.g. listen 8443 on, forward 443 to 8443) +Certificate When using a certificate available in the system trust store, select it here +Enable ACME Enable the ACME protocol to automatically provision certificates using Let's Encrypt, + when set will ignore the selected certificate (and enable SSL on this virtual server) +Header Security Header security, by default several privacy and security related headers are set, + in some cases (old applications for example) you might want to disable + sending default headers to clients. +TLS Security profile TLS security profile as documented by + `Mozilla `__ +Description User friendly description for this vhost +================================ ======================================================================================== + + This section defines the port the virtual server will listen on, remember, in order to use ACME (Let's encrypt) this should either be 443 or the traffic should be forwarded from port 443 to the port defined here. @@ -95,8 +114,19 @@ The virtual server itself doesn't provide much content to the user other than of so the next step is to map directories to external locations. These can be defined in the "Locations" Grid underneath the Virtual servers. -.. image:: images/OPNWAF_edit_location.png - :width: 90% + +========================================================================================================================= + +================================ ======================================================================================== +Enabled Enable this location +Path Local path to match +Remote destinations Locations to forward requests to, when more than one is provided, requests will be + loadbalanced in a round robin fashion. +Access control List of networks allowed to access this path (empty means any) +VirtualServer The server this location belongs to +Description User friendly description for this location +================================ ======================================================================================== + The options here are quite simple, first you define a path on your end (:code:`/` in our example), next you define one or more destinations this path should map to (as example we're pointing to a public server here).