使用 Apache 来限制访问 Confluence 6 的管理员界面

FireCoder 2018-08-10

限制特定的 IP 地址可以访问管理员后台

Confluence 的管理员控制台界面对整个应用来说是非常重要的,任何人访问 Confluence 的控制台不仅仅可以访问 Confluence 安装实例,同时还可以访问整个服务器。我们可以限制 Confluence 的管理员控制台的访问给真正需要使用的人和使用强密码的方式。你可以考虑只有网络上的部分机器能够访问 Confluence 的管理员控制台或者只有内部网络的机器才可以访问控制台。如果你使用的是 Apache web server,这个限制可以在 Apache 端进行配置,按照下面的方法进行配置:

1. 创建一个定义权限的设置

这个文件可以在 Apache 的配置目录中或者系统全局目录中。例如这个配置文件我们可以命名为 "sysadmin_ips_only.conf"。这个配置文件应该包含有下面的内容:

Order Deny,Allow
Deny from All
 
# Mark the Sysadmin's workstation
Allow from <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD61_CfCSLl6vq3GfcG-x-ZMT/" rel="nofollow" title="192.168">192.168</a>.<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD634FpYMwlOA2SLRW2tEo2Kl/" rel="nofollow" title="12.42">12.42</a>

2. 添加这个文件到你的虚拟主机中

在你的 Apache 虚拟主机(Apache Virtual Host)配置文件中,添加下面的行来限制系统管理员可以进行的管理操作:

这个配置是是基于你已经安装 Confluence 在 '/confluence' 目录下。如果你的 Confluence 是安装在 '/' 下或者其他的路径下,仅添加相关的路径即可。

<Location /confluence/admin>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/list>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/plugins/servlet/oauth/view-consumer-info>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/plugins/servlet/oauth/service-providers/list>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/plugins/servlet/oauth/service-providers/add>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/add>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/plugins/servlet/oauth/consumers/add-manually>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/plugins/servlet/oauth/update-consumer-info>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/pages/templates/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD61CiDSeSPE0QrY2AFWe-bnO8nOBRba1m3bZApT7U4dW8A/" rel="nofollow" title="listpagetemplates.action">listpagetemplates.action</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/pages/templates/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD62VSjWs0zT_ZTbyFpv7jxVHFRi3AkUxQdQBymTc24mJFA/" rel="nofollow" title="createpagetemplate.action">createpagetemplate.action</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/spaces/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD60NaOi7mEOim92s0A1Qe2F5sRQiuAHyJaa7BJASoV8i2A/" rel="nofollow" title="spacepermissions.action">spacepermissions.action</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/pages/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD60rNyphIEhnhv29Ka3dhJY1EfxvezDQ_Am3mNMHM5at2A/" rel="nofollow" title="listpermissionpages.action">listpermissionpages.action</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/spaces/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD617pT_1ucL8R-l3sb6PplotM9c5KkeJRtpJuWTAOAtL2w/" rel="nofollow" title="removespace.action">removespace.action</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/spaces/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD618WfsrexNyuj9kGlYOWNyGgsYlEDp0kL8_ObJi7CCw_Q/" rel="nofollow" title="importmbox.action">importmbox.action</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/spaces/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD63lNmBFH39J8gFpNkWx8Hlc5gYlu2098f4EStPNobgpCg/" rel="nofollow" title="viewmailaccounts.action">viewmailaccounts.action</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/spaces/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD62dRkiJzjSkLwTphJn8qrX0DdIdBtkAmOIFtvbOINHAVw/" rel="nofollow" title="addmailaccount.action?">addmailaccount.action?</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/spaces/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD638gOOz6VjNRhmVaA5UO0NWM9c5KkeJRtpJuWTAOAtL2w/" rel="nofollow" title="importpages.action">importpages.action</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/spaces/flyingpdf/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD60MWDMOHqyCZY4LsAbHXT5Y730yow8ON77ZYJBqHLIfUg/" rel="nofollow" title="flyingpdf.action">flyingpdf.action</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/spaces/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD62KBnfZdx_UlChm6jZHSlt98x1NO4rxbG1CQ2vXBrQpJQ/" rel="nofollow" title="exportspacehtml.action">exportspacehtml.action</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/spaces/<a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD62KBnfZdx_UlChm6jZHSlt9YIhVd8k7oiYjqCjuXShLOw/" rel="nofollow" title="exportspacexml.action">exportspacexml.action</a>>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/plugins/servlet/embedded-crowd>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>
<Location /confluence/plugins/servlet/upm>
  Include <a target="_blank" href="https://www.ancii.com/link/v1/aWNkkFZ_ySKXq8H4-S6bJz9fTk0H0KrGGyVAICrkD6103ooI4zeMNgF_AWmEN3A-g3Vc-Uuxrgt-TZJevGTTyw/" rel="nofollow" title="sysadmin_ips_only.conf">sysadmin_ips_only.conf</a>
</Location>

https://www.cwiki.us/display/CONF6ZH/Using+Apache+to+limit+access+to+the+Confluence+administration+interface

相关推荐