Get product advice from experts

Ask a question →

Join a community group

Find a group →

Advance your career with learning paths

Take a free class →

Earn badges and rewards

Connect and share ideas at events

See the calendar →

Community
Products
Fisheye/Crucible
Questions
How to restrict FishEye access to dedicated IP addresses

How to restrict FishEye access to dedicated IP addresses

We're running FishEye/Crucible on a productive server and want to allow access to it from only a number of dedicated IP addresses (e.g. the reverse proxy).

The built-in Jetty could be configured suitably by altering the jetty.xml, but this file does not exist and FishEye/Crucible seems to configure it programmatically.

So is there a way to achieve this?

2 answers

1 accepted

3 votes

Answer accepted

Aside from configuring application link ip patterns as Janet has suggested; you could configure the iptables/windows firewall on your Fisheye server to only accept port 8060 requests from your reverse proxy ip.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

We run all the applications behind Apache HTTPD reverse proxies. If it were also the case here, it would be simple to configure access to the proxy from the web server and manage direct access to the specific port numbers by firewalling (iptables).

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

0 votes

Have you tried setting the IP Patterns in the Application Links ? It's should be via Administrations > Application Links > Configure > Incoming Authentications

Look at https://confluence.atlassian.com/display/FISHEYE/Configuring+Trusted+Applications+Authentication+for+an+Application+Link

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

So the recommended way is to link FishEye with for example JIRA and configure the incoming authentication in that link?

I was thinking that this would only affect access to the FishEye remote API.

But if it applies to access in general including web access via browser this would do the trick for us, as we are also running an instance of JIRA we can link to.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

I think you are correct, trusted applications only controls access from the remote APIs rather than client access from a browser. I'm not aware of a way of locking down Fisheye access to one IP address other than with iptables/firewall.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

If that is true, we will most likely come back to your iptables solution.

I was just wondering if there was some built-in solution as it seemed to me a pretty common configuration.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

Fisheye/Crucible

TAGS