Block all domains beyond one

Hello, I have own server with JIRA. On the server through the DNS server, I have redirected several domains, e.g

For each domain, upon entering port 8080 receives a login panel. How to allow entry only from For and domains there would be an error, page does not exist or anything.

As I understand, the usual white list of this does not work because I do not have any address outside and on my JIRA I can get from any domain.


1 answer

0 votes

Is there some reason you want to leave the current DNS entries in tact?   

If not, then the easiest solution would be to simply change the DNS lookup for and to be some other address.

If there is some reason for these DNS entries in place, then there is a problem here.  Because JIRA is hosting the site by default to all network interfaces of that server.  But even then, if all of these domains are referring to the same IP address, there isn't a clear way to do this kind of blocking within JIRA itself or the Apache Tomcat instance running the webservice for JIRA.

You can configure Apache Tomcat's connector in the server.xml file to contain an 'address' parameter, explained in Apache Tomcat 8 Configuration Reference  But this is really only helpful if your JIRA server has multiple network interfaces and you want to single out one of these where the site can be reached.   If this is the case, then you might be able to use this parameter to only have jira listen to the address where refers to, and then instead have and refer to a different network address for that server.

Otherwise, I don't see a way to do this on the system without some fancy traffic filtering, which would be largely depending upon the operating system you are using for the JIRA server.

Putting a reverse proxy in front of JIRA another way to filter the traffic to that specific domain to a specific address/port where JIRA is running.   But even this method would still require you to change the port/address that JIRA's tomcat is running on and/or the DNS address where these requests are being sent to.  Most reverse proxies can be configured to accept traffic requests on one port and in turn redirect this traffic to another address/port in a way that is seemless to the end user.  So this could be used only redirect requests made to a specific domain.

Configure virtual hosts using mod_proxy actually has a section on this in that KB.  In that setup you can specify the 'ServerName' parameter to be a specific domain.   Using that setup you then direct the traffic to to the reverse proxy instead.  From there that proxy can redirect that traffic to the address/port JIRA is hosted on.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Feb 26, 2019 in Jira Software

How to prevent the propagation of unused project schemes, workflows & screens in Jira software

Atlassian ranks project attributes as the third most important factor impacting performance in the category of data. It’s not surprising, since project attributes are precisely the rules used to ma...

595 views 0 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you