Anda di halaman 1dari 2

CWIKI.US - OSSEZ https://www.cwiki.

us

Using Apache to limit access to the Confluence


administration interface
中文标题【使用 Apache 来限制访问 Confluence 的管理员界面】

限制特定的 IP 地址可以访问管理员后台
Confluence 的管理员控制台界面对整个应用来说是非常重要的,任何人访问 Confluence 的控制台不仅仅可以访问 Confluence 安装实例,同时
还可以访问整个服务器。我们可以限制 Confluence 的管理员控制台的访问给真正需要使用的人和使用强密码的方式。你可以考虑只有网络上的
部分机器能够访问 Confluence 的管理员控制台或者只有内部网络的机器才可以访问控制台。如果你使用的是Apache web server,这个限制可以
在Apache 端进行配置,按照下面的方法进行配置:

1. 创建一个定义权限的设置

这个文件可以在 Apache 的配置目录中或者系统全局目录中。例如这个配置文件我们可以命名为 "sysadmin_ips_only.conf"。这个配置文件应该


包含有下面的内容:

Order Deny,Allow
Deny from All

# Mark the Sysadmin's workstation


Allow from 192.168.12.42

2. 添加这个文件到你的虚拟主机中

在你的 Apache 虚拟主机(Apache Virtual Host)配置文件中,添加下面的行来限制系统管理员可以进行的管理操作:

这个配置是是基于你已经安装 Confluence 在 '/confluence' 目录下。如果你的 Confluence 是安装在 '/' 下或者其他的路径下,仅添加


相关的路径即可。

<Location /confluence/admin>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/list>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/view-consumer-info>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/service-providers/list>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/service-providers/add>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/add>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/add-manually>
Include sysadmin_ips_only.conf

P1 Copyright © 2014 - 2018, OSSEZ LLC


CWIKI.US - OSSEZ https://www.cwiki.us

</Location>
<Location /confluence/plugins/servlet/oauth/update-consumer-info>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/templates/listpagetemplates.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/templates/createpagetemplate.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/spacepermissions.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/pages/listpermissionpages.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/removespace.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/importmbox.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/viewmailaccounts.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/addmailaccount.action?>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/importpages.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/flyingpdf/flyingpdf.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/exportspacehtml.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/spaces/exportspacexml.action>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/embedded-crowd>
Include sysadmin_ips_only.conf
</Location>
<Location /confluence/plugins/servlet/upm>
Include sysadmin_ips_only.conf
</Location>

P2 Copyright © 2014 - 2018, OSSEZ LLC