Using Apache to limit access to the Confluence administration interface

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Limiting administration to specific IP addresses

The Confluence administration interface is a critical part of the application; anyone with access to it can potentially compromise not only the Confluence instance but the entire machine. As well as limiting access to users who really need it, and using strong passwords, you should consider limiting access to it to certain machines on the network or internet. If you are using an Apache web server, this can be done with Apache's Location functionality as follows:

1. Create a file that defines permission settings

This file can be in the Apache configuration directory or in a system-wide directory. For this example we'll call it "sysadmin_ips_only.conf". The file should contain the following:

	Order Deny,Allow
	Deny from All

	# Mark the Sysadmin's workstation
	Allow from 192.168.12.42

2. Add the file to your Virtual Host

In your Apache Virtual Host, add the following lines to restrict the administration actions to the Systems Administrator:

This configuration assumes you've installed Confluence under '/confluence'. If you have installed under '/' or elsewhere, adjust the paths accordingly.

<Location /confluence/admin>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/list>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/view-consumer-info>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/service-providers/list>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/service-providers/add>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/add>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/add-manually>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/update-consumer-info>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/templates/listpagetemplates.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/templates/createpagetemplate.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/spacepermissions.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/listpermissionpages.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/removespace.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/importmbox.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/viewmailaccounts.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/addmailaccount.action?>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/importpages.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/flyingpdf/flyingpdf.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/exportspacehtml.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/exportspacexml.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/embedded-crowd>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/upm>
  Include sysadmin_ips_only.conf
</Location>
Last modified on Sep 26, 2017

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.