管理を特定の IP アドレスに制限する

The Confluence administration interface is a critical part of the application; anyone with access to it can potentially compromise not only the Confluence instance but the entire machine. As well as limiting access to users who really need it, and using strong passwords, you should consider limiting access to it to certain machines on the network or internet. If you are using an Apache web server, this can be done with Apache's Location functionality as follows:

 

(warning) The information on this page does not apply to Confluence OnDemand.

1. 権限設定を定義するファイルを作成します

このファイルは、Apache 設定ディレクトリあるいはシステム全体の設定ディレクトリにあります。この例では、"sysadmin_ips_only.conf" と呼びます。このファイルには、以下が含まれている必要があります:

	Order Deny,Allow
	Deny from All

	# Mark the Sysadmin's workstation
	Allow from 192.168.12.42

2. ファイルを Virtual Host に追加します

お使いの Apache Virtual Hostに以下の行を追加して、管理アクションをシステム管理者に限定します:

この設定では、Confluence が「/confluence」にインストールされていると仮定しています。「/」やその他のディレクトリにインストールした場合、それに応じてパスを調整します。

<Location /confluence/admin>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/list>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/view-consumer-info>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/service-providers/list>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/service-providers/add>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/add>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/add-manually>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/update-consumer-info>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/templates/listpagetemplates.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/templates/createpagetemplate.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/spacepermissions.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/listpermissionpages.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/removespace.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/importmbox.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/viewmailaccounts.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/addmailaccount.action?>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/importpages.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/flyingpdf/flyingpdf.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/exportspacehtml.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/exportspacexml.action>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/embedded-crowd>
  Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/upm>
  Include sysadmin_ips_only.conf
</Location>

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.