Need to block internet access unless deemed critical

Abhinav Kumar Singh
October 23, 2024

We have Confluence deployed in GCP with an external IP. As per a recommendation from the security dept, we need to restrict its access to our internal IPs and anything else that's critical. We had a large firewall rule allowing many, many external IP ranges, which I have removed; the problem is that now I can't see plugin updates. I was asked to update the PlantUML plugin, but it does not show an update available in the managed apps: https://confluence.corp.clover.com/plugins/servlet/upm/manage/user-installed

Could you please recommend what should be done in this case, like whitelisting any specific IP ranges via which we can receive updates?

Thank you!

1 answer

0 votes
Matthias Gaiser _K15t_
Community Champion
October 23, 2024

Hi @Abhinav Kumar Singh

I'd recommend checking out this documentation from Atlassian, which recommends what to whitelist:

To allow UPM to perform online functions behind a firewall, you need to set up firewall whitelist rules that enable UPM to connect on port 443 to these servers:

  • *.atlassian.com: UPM connects to several servers in the atlassian.com domain, including marketplace.atlassian.com, marketplace-cdn.atlassian.com, id.atlassian.com, maven.atlassian.com, and others.   
  • *.cloudfront.net: certain Marketplace assets (screenshots, logos etc) are hosted on cloudfront. Calls to that domain are expected.

If this doesn't work for you, you could always compare manually if the apps you have installed have new versions on the marketplace. If they have, you can download the version on the marketplace and upload it to your Confluence.

Cheers,
Matthias.

Abhinav Kumar Singh
October 24, 2024

@Matthias Gaiser _K15t_ Thank you for answering. We are using VPC firewall rules, so DNS-based whitelisting is not possible atm.
The doc mentions 'If you do need to configure rules by IP address, we suggest that you use a network analysis tool to investigate outgoing connections made by UPM.' How do I do this?

I could use this and from time to time change the rule with updated IPs.

Matthias Gaiser _K15t_
Community Champion
October 24, 2024

@Abhinav Kumar Singh, I think that goes beyond what I'm able to help you with.

If you're talking about AWS VPCs, VPC Flow logs might be helpful. You could allow more connections and monitor which connections are opened and then tighten your ruleset based on what you've monitored.
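
The monitor-then-tighten approach suggested above, as an added example that is not part of the original thread: it parses records in the AWS VPC Flow Logs default (version 2) format and lists the external addresses a host reached, or was blocked from reaching, on TCP 443. The host address `10.0.1.25`, the function names and the sample records are constructed assumptions; flow logs from other platforms use a different record format and need a different parser.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records, AWS VPC Flow Logs default (version 2) format.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.25 203.0.113.10 49152 443 6 12 4200 1729700000 1729700060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 203.0.113.10 49153 443 6 8 3100 1729700060 1729700120 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 198.51.100.7 49160 443 6 5 900 1729700060 1729700120 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 198.51.100.99 49161 443 6 1 60 1729700060 1729700120 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.8 49170 443 6 4 800 1729700060 1729700120 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.25 443 49152 6 10 9000 1729700000 1729700060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1729700120 1729700180 - NODATA
"""

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
# RFC 1918 ranges treated as internal; adjust to the networks you actually use.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def outbound_https(log_text, host_ip):
    """Group TCP/443 flows opened by host_ip to external IPs by firewall action.

    Returns {"ACCEPT": {dst_ip: (flows, bytes)}, "REJECT": {...}}.
    """
    seen = {a: defaultdict(lambda: [0, 0]) for a in ("ACCEPT", "REJECT")}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # not a default-format record
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK" or rec["action"] not in seen:
            continue  # NODATA / SKIPDATA records carry no flow
        if (rec["srcaddr"], rec["dstport"], rec["protocol"]) != (host_ip, "443", "6"):
            continue  # keep only connections the host opened to TCP 443
        dst = ipaddress.ip_address(rec["dstaddr"])
        if any(dst in net for net in INTERNAL):
            continue  # internal traffic is covered by other rules
        entry = seen[rec["action"]][str(dst)]
        entry[0] += 1
        entry[1] += int(rec["bytes"])
    return {a: {ip: tuple(v) for ip, v in d.items()} for a, d in seen.items()}

def allowlist_cidrs(result):
    """Collapse the accepted destinations into sorted CIDRs for an egress rule."""
    nets = [ipaddress.ip_network(ip) for ip in result["ACCEPT"]]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    print(allowlist_cidrs(outbound_https(SAMPLE_FLOW_LOG, "10.0.1.25")))
```

The `REJECT` side of the result shows which destinations the current rules are blocking, which is the list to review when updates stop appearing.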
