Restrict a specific IP address to access administrator background
The Confluence Administrator Console interface is important for the entire application, and anyone accessing the confluence console can access not only the confluence installation instance but also the entire server. We can restrict access to Confluence's Administrator console to people who really need to use it and how to use a strong password. You can consider that only some of the machines on the network can access the confluence's Administrator console or only the internal network machine to access the console. If you are using Apache Web server, this restriction can be configured on the Apache side and configured as follows:
1. Create a setting that defines permissions
This file can be in the Apache configuration directory or the system global directory. For example, this configuration file can be named "sysadmin_ips_only.conf". This configuration file should contain the following content:
Order Deny,Allow Deny from All # Mark the Sysadmin‘s workstation Allow from 192.168 . 12.42 |
2. Add this file to your web hosting
In your Apache virtual host configuration file, add the following line to limit the administrative actions that your system administrator can perform:
This configuration is based on the confluence you have installed in the '/confluence ' directory. If your confluence is installed under the '/' or other path, simply add the relevant path.
<Location /confluence/admin>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/list>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/view-consumer-info>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/service-providers/list>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/service-providers/add>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/add>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/add-manually>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/update-consumer-info>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/templates/listpagetemplates.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/templates/createpagetemplate.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/spacepermissions.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/listpermissionpages.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/removespace.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/importmbox.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/viewmailaccounts.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/addmailaccount.action?>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/importpages.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/flyingpdf/flyingpdf.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/exportspacehtml.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/exportspacexml.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/embedded-crowd>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/upm>
Include sysadmin_ips_only.conf
</Location>
|
Https://www.cwiki.us/display/CONF6ZH/Using+Apache+to+limit+access+to+the+Confluence+administration+interface
Use Apache to restrict access to the Confluence 6 Administrator interface