Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Disable http access to our Confluence server

Joe Budzowski
Joe Budzowski April 19, 2021

I implemented https using a solution posted in Community, but the Confluence can still be accessed using port 8090.

<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true"
enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8090"
protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
scheme="https" proxyName="confluence.ourcompany.com" proxyPort="443"/>

We are using an F5 redirect to port 8090.  How can we implement https without allowing access via port 8090?

Answer
Watch
Like Be the first to like this
454 views

1 answer

0 votes
Thiago Masutti
Thiago Masutti
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 19, 2021

Hi @Joe Budzowski 
I hope you are well.

Based on your description you are offloading SSL on the F5 load balancer.
Therefore, any connection from F5 to the Confluence server is made over HTTP.

In this case, you still need to allow HTTP connections when the source is your F5 load balancer servers, and may want to block anything from other sources, such as users' computers.

You may need to use some external solution to administer this requirement, such as iptables on Linux.
With iptables you would be able to allow access to the TCP port 8090 from F5 while blocking access from any other source.
You may also want to allow access from other specific sources, such as a jump server, for maintenance purposes.

Let me know if that makes sense to you.

Kind regards,
Thiago Masutti

View More Comments
Chris Shaw
Chris Shaw August 2, 2023

I have the same question but we are not using any load balancer. The provided solution still uses port 8090 but we need to block direct port access using http://hostname:8090

Thanks,

Chris Shaw

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 2, 2023

If you block the port, the service can't be reached by other systems.

What are you actually trying to achieve here?

Like
Chris Shaw
Chris Shaw August 2, 2023

We are trying to block direct http access using http://hostname:8090. We have switched to using https with the proxy name  URL and can redirect the old http access with the proxy name URL, but you can still bypass the SSL using http://hostname:8090

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
SERVER
VERSION
7.4.7
TAGS
AUG Leaders

Atlassian Community Events

    See all events