I'm running Confluence 4.2 on Windows (this particular Confluence installation is running on Windows Server 2003).

I have followed the Atlassian documentation to configure Confluence and the Apache HTTP server so that I can access Confluence via the Apache HTTP server at the following URL (using the default HTTP port, 80):

http://myserver/wiki

rather than via the Tomcat port:

http://myserver:8090

(I feel slightly unclean quoting those URLs without a trailing slash. Feel free to read those URLs as if they have a trailing slash.)

I am "front-ending" Confluence like this - using the Apache HTTP server - because I am introducing some Ajax queries into Confluence pages (using <script> elements inside HTML macros) to a REST API served by a different host. To avoid cross-domain scripting errors, I have also configured the Apache HTTP server as a proxy for that other host.

When a user accesses Confluence via the Apache HTTP server - http://myserver/wiki - all is good, because the Ajax queries embedded in the Confluence pages refer to a path on the same domain - http://myserver/rest/... - thus avoiding cross-domain scripting errors. That is, to the browser - thanks to the Apache HTTP server acting as a proxy - both the Confluence page itself and the Ajax queries are using the same domain.

However, if a user accesses Confluence via the "direct Tomcat URL", those Ajax queries fail.

So, I want to block "external" access to http://myserver:8090 (that is, access from outside the server; I still want the Apache web server - running on that web server - to be able to redirect to port 8090).

Using the Windows Firewall to block access to port 8090 seems an obvious choice. Any other recommendations?