How to Restrict Access to Jira with Tomcat

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Atlassian provides limited support with Tomcat configurations. You'll want to ensure to test any suggestions before implementing into a production environment.

Increased security, ensuring that Tomcat/Jira can only be reached by the appropriate addresses

Environment

Jira Data Center

Solution

Tomcat provides multiple methods to allow control access, here are two of the possible options:

  1. Restricting which IP addresses that a defined connector port will listen on. http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#Standard_Implementation

    1. Example: only allowing the host's loopback address (127.0.0.1) to connect to port 8080:

    2. Modify the Connector within server.xml:

      1 2 3 4 5 <Connector port="8080" protocol="HTTP/1.1" ... /> to <Connector address="127.0.0.1" port="8080" protocol="HTTP/1.1" ... />
    3. Restart Tomcat

  2. Setting remote IP filters for addresses that will be allowed or denied: http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Address_Valve

    1. Example: only allowing requests from the local address and from address with IP 192.168.1.1:

    2. Modify server.xml and add:

      1 2 3 4 5 6 <Engine name="Catalina" defaultHost="localhost"> ... <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1|192\.168\.1\.1"/> ... </Engine>
    3. Restart Tomcat

Updated on April 2, 2025

Still need help?

The Atlassian Community is here for you.