Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Block all domains beyond one

John
John September 12, 2017

Hello, I have own server with JIRA. On the server through the DNS server, I have redirected several domains, e.g a.com/b.com/c.com

For each domain, upon entering port 8080 receives a login panel. How to allow entry only from a.com:8080. For b.com:8080 and c.com:8080 domains there would be an error, page does not exist or anything.

As I understand, the usual white list of this does not work because I do not have any address outside attlassian.com and on my JIRA I can get from any domain.

 

Answer
Watch
Like Be the first to like this
375 views

1 answer

0 votes
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 13, 2017

Is there some reason you want to leave the current DNS entries in tact?   

If not, then the easiest solution would be to simply change the DNS lookup for b.com and c.com to be some other address.

If there is some reason for these DNS entries in place, then there is a problem here.  Because JIRA is hosting the site by default to all network interfaces of that server.  But even then, if all of these domains are referring to the same IP address, there isn't a clear way to do this kind of blocking within JIRA itself or the Apache Tomcat instance running the webservice for JIRA.

You can configure Apache Tomcat's connector in the server.xml file to contain an 'address' parameter, explained in Apache Tomcat 8 Configuration Reference  But this is really only helpful if your JIRA server has multiple network interfaces and you want to single out one of these where the site can be reached.   If this is the case, then you might be able to use this parameter to only have jira listen to the address where a.com refers to, and then instead have b.com and c.com refer to a different network address for that server.

Otherwise, I don't see a way to do this on the system without some fancy traffic filtering, which would be largely depending upon the operating system you are using for the JIRA server.

Putting a reverse proxy in front of JIRA another way to filter the traffic to that specific domain to a specific address/port where JIRA is running.   But even this method would still require you to change the port/address that JIRA's tomcat is running on and/or the DNS address where these requests are being sent to.  Most reverse proxies can be configured to accept traffic requests on one port and in turn redirect this traffic to another address/port in a way that is seemless to the end user.  So this could be used only redirect requests made to a specific domain.

Configure virtual hosts using mod_proxy actually has a section on this in that KB.  In that setup you can specify the 'ServerName' parameter to be a specific domain.   Using that setup you then direct the traffic to a.com to the reverse proxy instead.  From there that proxy can redirect that traffic to the address/port JIRA is hosted on.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events