How to block access to a specific URL in Tomcat
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
The content on this page relates to platforms which are not supported. Consequently, Atlassian Support cannot guarantee providing any support for it. Please be aware that this material is provided for your information only and that you use it at your own risk.
Purpose
In some cases, you may wish to restrict access to a specific URL within your Atlassian Applications - for example, if clients are accessing a URL that causes load on the application server. If you don't have access to the reverse proxy (or are not using a reverse proxy) you can modify Tomcat directly.
This solution is only applicable for Atlassian Applications that run under Apache Tomcat - such as Jira, Confluence, Crowd.
Solution
- Shut down the application
- Back up your $application-install/atlassian-jira/WEB-INF/web.xml file
- Modify the web.xml file with a text editor of your choice and locate this comment element at the end:
<!--
All session-config, mime-mapping, welcome-file-list, error-page, taglib,
resource-ref, security-constraint, login-config, security-role,
env-entry, and ejb-ref elements should follow this fragment.
-->
- On your Jira instance, navigate to the page that you would like to block and copy the URL.
- Remove the base URL from the copied URL and use the remainder to replace the contents of the <url-pattern> element.
- Note that the context path should not be in the <url-pattern>. Multiple <url-pattern> elements can be added. For URLs with parameters, the wildcard is not used.
- Add the following block after the comment block and inside the <web-app> element (before the closing </web-app> tag):
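<security-constraint>
  <web-resource-collection>
    <url-pattern>/path/to/block/without/context/root/*</url-pattern>
    <!-- The constraint applies to GET only; requests using other HTTP methods are not blocked -->
    <http-method>GET</http-method>
  </web-resource-collection>
  <!-- An empty auth-constraint permits no role, so every matching request is denied -->
  <auth-constraint />
</security-constraint>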
- Start your application
- If you are running a Data Center with multiple nodes, you will need to repeat the steps above on all nodes.
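Because the constraint above lists only GET, it is worth confirming which paths and methods an edited web.xml actually denies before starting the application. The Python sketch below is an added example, not Atlassian's code: the sample descriptor, its paths and the function names are constructed, and it assumes the deny constraint is the only security constraint matching the path (it does not implement the Servlet specification's best-match selection between several constraints).

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor; both paths are hypothetical.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/secure/Heavy.jspa</url-pattern>
      <url-pattern>/rest/heavy/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
</web-app>"""
METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")

def _children(elem, name):
    """Direct children by local tag name, ignoring any XML namespace."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return [(c.text or "").strip() for c in _children(elem, name)]

def pattern_matches(pattern, path):
    """Servlet url-pattern rules: '/x/*' prefix, '*.ext' extension, else exact."""
    path = path.split("?", 1)[0]  # the query string is not part of the match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern

def is_denied(web_xml, path, method):
    """True if a deny-all constraint (empty <auth-constraint>) covers path and method."""
    for sc in _children(ET.fromstring(web_xml), "security-constraint"):
        auth = _children(sc, "auth-constraint")
        if not auth or _texts(auth[0], "role-name"):
            continue  # no auth-constraint at all, or some role is allowed
        for wrc in _children(sc, "web-resource-collection"):
            listed = _texts(wrc, "http-method")
            omitted = _texts(wrc, "http-method-omission")
            covered = (method in listed) if listed else (method not in omitted)
            if covered and any(pattern_matches(p, path) for p in _texts(wrc, "url-pattern")):
                return True
    return False

def open_methods(web_xml, path):
    """Methods from METHODS that no deny-all constraint covers for this path."""
    return [m for m in METHODS if not is_denied(web_xml, path, m)]
```

Pass the path without the context path, as in the <url-pattern> step above. A non-empty result from `open_methods` means those methods still reach the URL, and removing the <http-method> element makes the constraint apply to every method.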