Add a custom filter
We did our best to secure every sensitive user data within Confluence and Linchpin. But there are many third-party plugins which provide their own resources and may expose too much information in an extranet.
Therefore we implemented the possibility to secure those resources by simply blocking them for extranet users.
This means the url is blocked, if the user
- is assigned to at least one extranet AND
- is not a user or space manager in at least one extranet AND
- is not a Confluence administrator AND
- the visibility configuration is set to "Global and Space Administrators and Extranet User Managers"
To add a custom filter simply insert the url to be blocked into the URL input field. You may skip the base url and the context path.
For example insted of http://yourinstance.de/confluence/browsepeople.action you may simply insert /browsepeople.action
There are certain urls that are not able to be blocked, as they may break your Confluence instance:
- /admin/*
- /download/*
- /images/*
- /plugins/servlet/upm
Blocking in this case means, that the user gets a "404 - Page not found" error (not "No Permission" error). This way there is no information exposed about the existence of a resource.