How to Restrict Access to Jira with Tomcat
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Atlassian provides limited support for Tomcat configurations. Be sure to test any suggestions before implementing them in a production environment.
Purpose
Increase security by ensuring that Tomcat/Jira can only be reached from the appropriate addresses.
Solution
Tomcat provides multiple methods to control access. Here are two of the possible options:
- Restricting which IP address a defined connector port will listen on: http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#Standard_Implementation
- Example: only allowing the host's loopback address (127.0.0.1) to connect to port 8080:
- Modify the Connector within server.xml from
  <Connector port="8080" protocol="HTTP/1.1" ... />
  to
  <Connector address="127.0.0.1" port="8080" protocol="HTTP/1.1" ... />
- Restart Tomcat
- Setting remote IP filters for addresses that will be allowed or denied: http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Address_Valve
- Example: only allowing requests from the local address and from the address 192.168.1.1:
- Modify server.xml and add:
  <Engine name="Catalina" defaultHost="localhost">
    ...
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1|192\.168\.1\.1"/>
    ...
  </Engine>
- Restart Tomcat
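The allow attribute is a regular expression that must match the entire remote address, so it is worth checking a pattern against expected clients and near-misses before restarting. The script below is an added example, not Atlassian or Tomcat code: it reads a constructed server.xml fragment containing the valve from this article and evaluates constructed test addresses, assuming Python's re.fullmatch behaves like Java's whole-string match for patterns this simple.

```python
import re
import xml.etree.ElementTree as ET

VALVE_CLASS = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed server.xml fragment using the allow pattern from the article.
SERVER_XML = r"""
<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="127\.0\.0\.1|192\.168\.1\.1"/>
    </Engine>
  </Service>
</Server>
"""

def load_valves(xml_text):
    """Return (allow, deny) compiled patterns for each RemoteAddrValve found."""
    root = ET.fromstring(xml_text)
    valves = []
    for valve in root.iter("Valve"):
        if valve.get("className") == VALVE_CLASS:
            allow, deny = valve.get("allow"), valve.get("deny")
            valves.append((re.compile(allow) if allow else None,
                           re.compile(deny) if deny else None))
    return valves

def is_allowed(addr, allow, deny):
    """Deny match rejects; allow match accepts; otherwise accept only if deny-only."""
    if deny and deny.fullmatch(addr):
        return False
    if allow and allow.fullmatch(addr):
        return True
    return deny is not None and allow is None

def audit(xml_text, addresses):
    """Map each address to True/False; every configured valve must accept it."""
    valves = load_valves(xml_text)
    return {a: all(is_allowed(a, al, de) for al, de in valves) for a in addresses}

if __name__ == "__main__":
    # Constructed test addresses: expected clients plus near-misses.
    samples = ["127.0.0.1", "192.168.1.1", "192.168.1.10",
               "0:0:0:0:0:0:0:1", "10.0.0.5"]
    for addr, ok in audit(SERVER_XML, samples).items():
        print(f"{addr:18} {'ALLOW' if ok else 'DENY'}")
```

With the article's pattern, 192.168.1.10 is denied because the match is anchored to the whole address, and the IPv6 loopback form 0:0:0:0:0:0:0:1 is denied as well, which matters if local tools reach Jira through an IPv6 localhost.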