Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Hardening existing Confluence for Internet deployment

David Sidwell
David Sidwell
Contributor
April 28, 2013

Hello all. I'm looking for advice to pass on to our (outsourced) IT support. We have a LAN Confluence working already, with Internal (private) pages as well as 1 or 2 new Spaces we wish the public to see. For assorted reasons, we are considering shfiting this whole Confluence deployment to (say) a DMZ and locking it down, so that only the 2 'customer' Spaces are viewable by "the public" - but internal people will still have the same access to the other Spaces.

Is there a Guide on preparing our Confluence for this change? I'm thinking of what used to be called "hardening" of apps in Ye Olde Days :-) Any ideas welcomed. Thanks

Answer
Watch
Like Ali likes this
657 views

4 answers

1 accepted

4 votes
Answer accepted
Ryan Goodwin
Ryan Goodwin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 28, 2013

Hi David,

One idea I know other customers have used is to have a private wiki (which you already do) where the spaces for another instance of confluence, (public with anonymous access) is used as a publish site for those spaces. The publish add-on can be used, or space export/import can be used also:

https://marketplace.atlassian.com/plugins/com.comalatech.publishing

The public wiki needs only an administrator, maybe a space admin or two, and then anonymous access for all your public users. This would keep the license count need to the 10 user seat not really adding a substancial cost ($10 which is donated straight to charity :) ).

Then there is no sensitive information in the public wiki, it can be placed in a DMZ area with no connections to your companies super-secret wiki and should be very easy to maintain with the add-on or using scheduled space export/import and some simple scripts.

Hope this helps!

Reply
4 votes
JohnA
JohnA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 28, 2013

Hi David,

I don't believe we have any documentation for this but one method would be to use a web server or proxy to limit access to certain parts of the wiki as a further hardenning against external threats from the DMZ. For example, I would have thought that you could use Apache to prevent users from hitting any parts of the wiki that you don't want them to be able to access but I'm sorry to say that my knowledge of Apache isn't sufficient to advise on the exact configurations to use but the access control options should point you in the right direction.

Confluence provides relatively few tools to protect itself against external threats, so I would strongly recommend that you implement the usual hardenning approaches using external components to mitigate the threat before it is able to access the application.

All the best,
John

Reply
0 votes
David Sidwell
David Sidwell
Contributor
May 2, 2013

Thanks again everyone. It seems the requirments are changing and we are now looking at a subset of the pages and using Confluence on Demand. Watch this Space (see what I did there?)

I'm not across the Karma system fully, so apologies if I haven't done the right thing via you kind people.

Reply
0 votes
Matthew J. Horn
Matthew J. Horn
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 28, 2013

Check permissions and make sure that edit for all users is off. ;)

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.