Best way to block external access to Confluence Tomcat port?

I'm running Confluence 4.2 on Windows (this particular Confluence installation is running on Windows Server 2003).

I have followed the Atlassian documentation to configure Confluence and the Apache HTTP server so that I can access Confluence via the Apache HTTP server at the following URL (using the default HTTP port, 80):

http://myserver/wiki

rather than via the Tomcat port:

http://myserver:8090

(I feel slightly unclean quoting those URLs without a trailing slash. Feel free to read those URLs as if they have a trailing slash.)

I am "front-ending" Confluence like this - using the Apache HTTP server - because I am introducing some Ajax queries into Confluence pages (using <script> elements inside HTML macros) to a REST API served by a different host. To avoid cross-domain scripting errors, I have also configured the Apache HTTP server as a proxy for that other host.

When a user accesses Confluence via the Apache HTTP server - http://myserver/wiki - all is good, because the Ajax queries embedded in the Confluence pages refer to a path on the same domain - http://myserver/rest/... - thus avoiding cross-domain scripting errors. That is, to the browser - thanks to the Apache HTTP server acting as a proxy - both the Confluence page itself and the Ajax queries are using the same domain.

However, if a user accesses Confluence via the "direct Tomcat URL", those Ajax queries fail.

So, I want to block "external" access to http://myserver:8090 (that is, access from outside the server; I still want the Apache web server - running on that web server - to be able to redirect to port 8090).

Using the Windows Firewall to block access to port 8090 seems an obvious choice. Any other recommendations?

2 answers

1 accepted

This widget could not be displayed.

Make confluence to listen only on local interface (127.0.0.1). That's the safest way, if httpd runs on the same machine.

I'm embarrassed to admit I don't even remember asking this question. That example makes sense to me, though. Thank you!

This widget could not be displayed.

On your connector settings add these following attributes

proxyName

proxyPort

http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

think that should do, but i'm not sure check .. something i did looong back

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Monday in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

341 views 2 5
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you