Block all domains beyond one

Hello, I have own server with JIRA. On the server through the DNS server, I have redirected several domains, e.g a.com/b.com/c.com

For each domain, upon entering port 8080 receives a login panel. How to allow entry only from a.com:8080. For b.com:8080 and c.com:8080 domains there would be an error, page does not exist or anything.

As I understand, the usual white list of this does not work because I do not have any address outside attlassian.com and on my JIRA I can get from any domain.

 

1 answer

0 vote

Is there some reason you want to leave the current DNS entries in tact?   

If not, then the easiest solution would be to simply change the DNS lookup for b.com and c.com to be some other address.

If there is some reason for these DNS entries in place, then there is a problem here.  Because JIRA is hosting the site by default to all network interfaces of that server.  But even then, if all of these domains are referring to the same IP address, there isn't a clear way to do this kind of blocking within JIRA itself or the Apache Tomcat instance running the webservice for JIRA.

You can configure Apache Tomcat's connector in the server.xml file to contain an 'address' parameter, explained in Apache Tomcat 8 Configuration Reference  But this is really only helpful if your JIRA server has multiple network interfaces and you want to single out one of these where the site can be reached.   If this is the case, then you might be able to use this parameter to only have jira listen to the address where a.com refers to, and then instead have b.com and c.com refer to a different network address for that server.

Otherwise, I don't see a way to do this on the system without some fancy traffic filtering, which would be largely depending upon the operating system you are using for the JIRA server.

Putting a reverse proxy in front of JIRA another way to filter the traffic to that specific domain to a specific address/port where JIRA is running.   But even this method would still require you to change the port/address that JIRA's tomcat is running on and/or the DNS address where these requests are being sent to.  Most reverse proxies can be configured to accept traffic requests on one port and in turn redirect this traffic to another address/port in a way that is seemless to the end user.  So this could be used only redirect requests made to a specific domain.

Configure virtual hosts using mod_proxy actually has a section on this in that KB.  In that setup you can specify the 'ServerName' parameter to be a specific domain.   Using that setup you then direct the traffic to a.com to the reverse proxy instead.  From there that proxy can redirect that traffic to the address/port JIRA is hosted on.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published May 21, 2018 in Jira Software

How large do you think Jira Software can grow?

Hi Atlassian Community! My name is Shana, and I’m on the Jira Software team. One of the many reasons this Community exists is to connect you to others on similar product journeys or with comparabl...

1,242 views 10 18
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you