Best way to block external access to Confluence Tomcat port?

I'm running Confluence 4.2 on Windows (this particular Confluence installation is running on Windows Server 2003).

I have followed the Atlassian documentation to configure Confluence and the Apache HTTP server so that I can access Confluence via the Apache HTTP server at the following URL (using the default HTTP port, 80):

http://myserver/wiki

rather than via the Tomcat port:

http://myserver:8090

(I feel slightly unclean quoting those URLs without a trailing slash. Feel free to read those URLs as if they have a trailing slash.)

I am "front-ending" Confluence like this - using the Apache HTTP server - because I am introducing some Ajax queries into Confluence pages (using <script> elements inside HTML macros) to a REST API served by a different host. To avoid cross-domain scripting errors, I have also configured the Apache HTTP server as a proxy for that other host.

When a user accesses Confluence via the Apache HTTP server - http://myserver/wiki - all is good, because the Ajax queries embedded in the Confluence pages refer to a path on the same domain - http://myserver/rest/... - thus avoiding cross-domain scripting errors. That is, to the browser - thanks to the Apache HTTP server acting as a proxy - both the Confluence page itself and the Ajax queries are using the same domain.

However, if a user accesses Confluence via the "direct Tomcat URL", those Ajax queries fail.

So, I want to block "external" access to http://myserver:8090 (that is, access from outside the server; I still want the Apache web server - running on that web server - to be able to redirect to port 8090).

Using the Windows Firewall to block access to port 8090 seems an obvious choice. Any other recommendations?

2 answers

1 accepted

Make confluence to listen only on local interface (127.0.0.1). That's the safest way, if httpd runs on the same machine.

I'm embarrassed to admit I don't even remember asking this question. That example makes sense to me, though. Thank you!

On your connector settings add these following attributes

proxyName

proxyPort

http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

think that should do, but i'm not sure check .. something i did looong back

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Thursday in Confluence

Three common content challenges + how to manage them

An efficient enterprise content management system, or ECM, is a must-have for companies that create work online (cough   cough, all companies). If content calendars, marketing plans, and bu...

73 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you