How to Block API Web Interface Page Access




(warning) Take note that these configuration changes are not officially supported by Atlassian. Please back up your instance before you proceed with the solution.


In some circumstances, the admin is required to block any form of API key generation from specific IP addresses for security purposes. The 

(warning) This will not stop users from creating an API token via the method itself - Generate token


  • Obtain root access to the instance:

    sudo dont-blame-hipchat
  • Edit the /etc/nginx/sites-enabled/000-web file using your preferred text editor. In this example, nano:

    nano /etc/nginx/sites-enabled/000-web
  • Define the whitelisted IP ranges at the top of the file. The IP range used here is an example:

    # 0 is allowed, 1 is denied
    geo $blacklisted_ips
    {
      <allowed-ip-range>  0;   # placeholder: IP range (CIDR) that may reach the API pages
      default         1;
    }
  • In the server section that listens on port 443, add conditions so that the API pages are not served to blacklisted IPs:

      # nginx "if" cannot combine two conditions, so each test appends a flag
      if ($blacklisted_ips) {
        set $notallowed IP;
      }
      if ($request_uri ~ (/account/api|/admin/api)) {
        set $notallowed "${notallowed}LOC";
      }
      # deny only when the client IP is blacklisted and the URI is an API page
      if ($notallowed = IPLOC) {
        return 403;
      }
  • Reload the nginx service for the changes to take effect:

    service nginx reload
  • Once you have validated the behavior, make the same changes to /hipchat-scm/chef-repo/cookbooks/hipchat_web/templates/default/web-site-btf.erb so that they persist after reboots and Chef runs. For reference, see How to change files maintained by Chef in HipChat Server.
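
The decision made by the geo map and the three if blocks in the steps above can be tabulated for a list of client IPs and URIs before the reload. This Python model is an added example, not part of the original article or Atlassian's code; the IP ranges and sample requests are constructed, and 200 stands in for any request nginx passes on to the application.

```python
import ipaddress
import re

# Constructed sample ranges (documentation prefixes); the article's own range is not shown.
GEO_BLACKLISTED_IPS = {          # geo $blacklisted_ips: 0 is allowed, 1 is denied
    "192.0.2.0/24": 0,
    "198.51.100.0/25": 0,
}
GEO_DEFAULT = 1
API_PAGES = re.compile(r"(/account/api|/admin/api)")   # same regex as the if block


def geo_lookup(client_ip):
    """Return the geo value: the most specific matching prefix wins, else default."""
    addr = ipaddress.ip_address(client_ip)
    best = None
    for cidr, value in GEO_BLACKLISTED_IPS.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, value)
    return best[1] if best else GEO_DEFAULT


def status_for(client_ip, request_uri):
    """Replay the three if blocks: 403 only when both flags were appended."""
    notallowed = ""
    if geo_lookup(client_ip):            # if ($blacklisted_ips): "0" and "" are false in nginx
        notallowed = "IP"
    if API_PAGES.search(request_uri):    # unanchored match; $request_uri includes the query string
        notallowed += "LOC"
    return 403 if notallowed == "IPLOC" else 200


def decision_table(requests):
    """Return (ip, uri, status) for each request in the list."""
    return [(ip, uri, status_for(ip, uri)) for ip, uri in requests]


SAMPLE_REQUESTS = [   # constructed
    ("192.0.2.10", "/account/api"),
    ("203.0.113.7", "/account/api"),
    ("203.0.113.7", "/admin/api?x=1"),
    ("203.0.113.7", "/chat"),
    ("203.0.113.7", "/search?q=/admin/api"),
]

if __name__ == "__main__":
    for ip, uri, status in decision_table(SAMPLE_REQUESTS):
        print(f"{ip:15} {uri:28} {status}")
```

Because the regex is unanchored and `$request_uri` includes the query string, the last sample request is denied as well, so check for legitimate URLs that contain these strings before reloading.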

Last modified on Nov 2, 2018

