Consider moving /exchange to a separate HTTPS address
Might make it easier to isolate traffic flows that way -- are exchange requests only internal?
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information