Apache を使用して Confluence 管理インターフェイスへのアクセスを制限する

As well as limiting access to the Confluence administration console to users who really need it, and using strong passwords, you can consider limiting access to certain machines on the network or internet. If you are using Apache web server, this can be done with Apache's Location functionality. 

To limit access to admin screens to specific IP addresses in Apache:

  1. Create a file that defines permission settings. This file can be in the Apache configuration directory or in a system-wide directory. For this example we'll call it "sysadmin_ips_only.conf". The file should contain the following.

    Order Deny,Allow
    Deny from All
    
    # Mark the Sysadmin's workstation
    Allow from 192.168.12.42
  2. In your Apache Virtual Host, add the following lines to restrict the administration actions to the Systems Administrator. 

    Define segmentregex (?:;[^/]*)?(?:/)?(?:(?:;[^/]*)?(?:/)?)*
    <LocationMatch (?i)/confluence${segmentregex}/admin>
      Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/consumers${segmentregex}/list>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/view-consumer-info>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/service-providers${segmentregex}/list>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/service-providers${segmentregex}/add>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/consumers${segmentregex}/add>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/consumers${segmentregex}/add-manually>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/update-consumer-info>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/pages${segmentregex}/templates${segmentregex}/listpagetemplates.action>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/pages${segmentregex}/templates${segmentregex}/createpagetemplate.action>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/spacepermissions.action>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/pages${segmentregex}/listpermissionpages.action>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/removespace.action>
            Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/importmbox.action>
            Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/viewmailaccounts.action>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/addmailaccount.action?>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/importpages.action>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/flyingpdf${segmentregex}/flyingpdf.action>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/exportspacehtml.action>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/exportspacexml.action>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/embedded-crowd>
       Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/upm>
       Include sysadmin_ips_only.conf
    </LocationMatch>

    This configuration assumes you're running Confluence with the context path '/confluence'. If you are running with a different context path, or no context path, adjust the sample above accordingly.


最終更新日 2019 年 4 月 1 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.