We would like to host Confluence in the DMZ so that external users can also access the system. We have a DMZ zone, so is it recommended to host Confluence directly in there? Or should we host only Apache in the DMZ zone and the application in corporate? The DB would be in corporate anyway.
During an internal audit, a vulnerability was identified in which the DB password was found in plain text in the DB config file. So if somebody from the external side hacks in with Confluence hosted directly in the DMZ zone, he will get access to the DB and may execute malicious commands. We want to ensure that the system and data are safe.
What would be Atlassian's recommendation?
As a general rule, put as little as possible in the DMZ.
Your Confluence server has no need to be in the DMZ if there is a proxy in the DMZ that can reach into your internal network to do the proxying of the applications.
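A sketch of the layout described in the answer above, as an added example that is not part of the original thread or Atlassian's own configuration: an Apache virtual host on the DMZ machine that forwards to Confluence on the internal network. The hostnames, certificate paths and the internal HTTP hop on Confluence's default port 8090 are assumptions to adapt.

```apache
# Added example. Hostnames and file paths below are placeholders.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
#
# Placement:
#   DMZ host      : this Apache instance only (no Confluence, no DB config file)
#   Internal host : Confluence application (holds the DB credentials)
#   Internal host : database
#
# Firewall intent (enforced on the firewall, not by Apache):
#   Internet -> DMZ Apache       : 443/tcp
#   DMZ Apache -> Confluence app : 8090/tcp only
#   DMZ Apache -> database       : no rule, so no direct path exists

<VirtualHost *:443>
    ServerName confluence.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/confluence.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/confluence.example.com.key

    # Reverse proxy only; never let this host act as a forward (open) proxy.
    ProxyRequests Off

    # Pass the public Host header through so Confluence builds correct URLs.
    ProxyPreserveHost On

    # Tell the backend that the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    # The only internal destination this host is allowed to reach.
    ProxyPass        / http://confluence-app.corp.internal:8090/
    ProxyPassReverse / http://confluence-app.corp.internal:8090/
</VirtualHost>
```

With this split, a compromise of the DMZ host exposes the proxy configuration and TLS key, while the file containing the database password stays on the internal application server. The Confluence Tomcat connector also needs its `proxyName`, `proxyPort` and `scheme` attributes set to match the public URL.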