Using Apache to limit access to the Confluence administration interface
As well as limiting access to the Confluence administration console to users who really need it, and using strong passwords, you can consider limiting access to certain machines on the network or internet. If you are using Apache web server, this can be done with Apache's Location functionality.
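To limit access to the administration pages to specific IP addresses in Apache, follow these steps.
Create a file that defines the permission settings. This file can be in the Apache configuration directory or in a system-wide directory. In this example, we call it "sysadmin_ips_only.conf". The file should contain the following: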
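    # Apache 2.2-style access control; on Apache 2.4 these directives are provided by mod_access_compat
    Order Deny,Allow
    Deny from All
    # Mark the Sysadmin's workstation
    Allow from 192.168.12.42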
In your Apache Virtual Host, add the following lines to restrict administrative actions to the system administrator.
    Define segmentregex (?:;[^/]*)?(?:/)?(?:(?:;[^/]*)?(?:/)?)*

    <LocationMatch (?i)/confluence${segmentregex}/admin>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/consumers${segmentregex}/list>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/view-consumer-info>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/service-providers${segmentregex}/list>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/service-providers${segmentregex}/add>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/consumers${segmentregex}/add>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/consumers${segmentregex}/add-manually>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/oauth${segmentregex}/update-consumer-info>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/pages${segmentregex}/templates${segmentregex}/listpagetemplates.action>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/pages${segmentregex}/templates${segmentregex}/createpagetemplate.action>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/spacepermissions.action>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/pages${segmentregex}/listpermissionpages.action>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/removespace.action>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/importmbox.action>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/viewmailaccounts.action>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/addmailaccount.action?>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/importpages.action>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/flyingpdf${segmentregex}/flyingpdf.action>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/exportspacehtml.action>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/spaces${segmentregex}/exportspacexml.action>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/embedded-crowd>
        Include sysadmin_ips_only.conf
    </LocationMatch>
    <LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/upm>
        Include sysadmin_ips_only.conf
    </LocationMatch>
This configuration assumes that Confluence is running with the context path "/confluence". If you run Confluence with a different context path, or with no context path, adjust the sample above accordingly.
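One way to check, before reloading Apache, that the LocationMatch patterns still cover the administration URLs after the context path is adjusted. This is an added example, not part of the original page: the sample paths are constructed, the function names are hypothetical, and it assumes Python's re module handles these patterns the same way as Apache's regex engine, which holds for the constructs used here.

```python
import re

# Constructed excerpt of the virtual-host rules above (two of the blocks).
CONFIG = r"""
Define segmentregex (?:;[^/]*)?(?:/)?(?:(?:;[^/]*)?(?:/)?)*
<LocationMatch (?i)/confluence${segmentregex}/admin>
    Include sysadmin_ips_only.conf
</LocationMatch>
<LocationMatch (?i)/confluence${segmentregex}/plugins${segmentregex}/servlet${segmentregex}/upm>
    Include sysadmin_ips_only.conf
</LocationMatch>
"""

# Constructed sample paths: (URL path, should the IP restriction apply?)
CASES = [
    ("/confluence/admin/console.action", True),
    ("/Confluence/ADMIN/users", True),            # (?i) ignores case
    ("/confluence;jsessionid=ABC/admin", True),   # path parameter, absorbed by segmentregex
    ("/confluence//plugins/servlet/upm", True),   # doubled slash, absorbed by segmentregex
    ("/confluence/display/DOC/Home", False),      # ordinary content page stays open
    ("/wiki/admin/console.action", True),         # admin page under another context path
]

def load_patterns(config_text):
    """Expand Define variables and compile every <LocationMatch> regex."""
    defines, patterns = {}, []
    for line in config_text.splitlines():
        line = line.strip()
        m = re.match(r"Define\s+(\S+)\s+(.*)$", line)
        if m:
            defines[m.group(1)] = m.group(2)
            continue
        m = re.match(r"<LocationMatch\s+(.*)>$", line)
        if m:
            # Apache substitutes ${name} before it compiles the regex.
            expanded = re.sub(r"\$\{(\w+)\}", lambda v: defines[v.group(1)], m.group(1))
            patterns.append(re.compile(expanded))
    return patterns

def is_restricted(path, patterns):
    """LocationMatch is unanchored, so search anywhere in the URL path."""
    return any(p.search(path) for p in patterns)

def coverage_gaps(cases, patterns):
    """Paths whose actual restriction differs from the expected one."""
    return [path for path, want in cases if is_restricted(path, patterns) != want]

if __name__ == "__main__":
    print(coverage_gaps(CASES, load_patterns(CONFIG)))
```

The only gap reported is the "/wiki" path: rules written for "/confluence" do not apply under another context path until the patterns are adjusted.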