
Enabling allow listing policies automatically blocks Atlassian's own IPs


      Issue Summary

      When users need to use webhooks (for example, in automation) and the allow listing policies are enabled, Atlassian's IPs are automatically blocked. To be accessible, they need to be added to the allowlist, which uses 32 out of the available 100 -> 500 configurable IPs.

      Steps to Reproduce

      1. Enable allow listing policies
      2. Attempt to use a webhook from an automation rule pointing to the originating instance.
      3. Unless the Atlassian IPs are added to the allowlisting policies, the webhook operation fails.

      Expected Results

      Atlassian's own IPs should be allowed automatically even if the allowlisting policies are turned on. Also, they shouldn't count toward the 100 limit provided to customers.

      Actual Results

      Atlassian IPs need to be manually added and they count towards the 100 -> 500 IP limit.

      { "errorMessages": [ "The IP address has been rejected because it is not on the allowedlist. See your admin for more information." ], "errors": {} }
      

      Workaround

      Customer needs to manually add Atlassian's IPs in the allowlist.
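An added example (not part of the original ticket and not Atlassian's code) for sizing this workaround: it collapses a published range list into the fewest CIDR entries and checks them against the policy limit. It assumes the allowlist accepts CIDR notation and that the feed is JSON with `items[].cidr` and `items[].direction` fields; the sample data is constructed from documentation-reserved networks.

```python
import ipaddress
import json

# Constructed sample in the ASSUMED shape of the published ranges feed.
# Documentation-reserved networks only, not real Atlassian ranges.
SAMPLE_FEED = json.loads("""
{"items": [
  {"cidr": "192.0.2.0/25",       "direction": ["egress"]},
  {"cidr": "192.0.2.128/25",     "direction": ["egress"]},
  {"cidr": "192.0.2.64/26",      "direction": ["egress"]},
  {"cidr": "198.51.100.7/32",    "direction": ["egress"]},
  {"cidr": "198.51.100.7/32",    "direction": ["egress", "ingress"]},
  {"cidr": "203.0.113.0/24",     "direction": ["ingress"]},
  {"cidr": "2001:db8::/33",      "direction": ["egress"]},
  {"cidr": "2001:db8:8000::/33", "direction": ["egress"]}
]}
""")


def minimal_entries(feed, direction="egress"):
    """Smallest CIDR list covering the feed's ranges for one traffic direction."""
    nets = {
        ipaddress.ip_network(item["cidr"], strict=False)
        for item in feed["items"]
        if direction in item.get("direction", [])
    }
    merged = []
    for version in (4, 6):  # collapse_addresses() rejects mixed IP versions
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return [str(n) for n in merged]


def budget_report(feed, own_entries, limit=100):
    """Check vendor ranges plus the organisation's own entries against the limit."""
    vendor = minimal_entries(feed)
    used = len(vendor) + len(own_entries)
    return {
        "vendor_entries": vendor,
        "used": used,
        "remaining": limit - used,
        "fits": used <= limit,
    }


if __name__ == "__main__":
    print(budget_report(SAMPLE_FEED, own_entries=["10.0.0.0/8"]))
```

Only ranges the vendor uses to reach your site (egress from their side) are counted here; duplicates, adjacent blocks and nested subnets collapse into a single entry each.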

            [ACCESS-1002] Enabling allow listing policies automatically blocks Atlassian's own IPs

            Pinned comments

            Pinned by Kat N

            Kat N added a comment - - edited

            We have updated this ticket type to a "suggestion" to reflect that IP allowlisting is working as designed (and considering users who do not want Atlassian IPs automatically added). We'd love to hear more about your team's use cases to help guide consideration of any future changes, including the option to automatically allowlist Atlassian IP addresses. 


            All comments


            Evan Zafir added a comment -

            This limitation interferes with security principles such as least privilege and hurts Atlassian's message of caring about security. Having a limit of IPs affects integrations with other platforms for companies that utilize allowlisting. I am having an issue with an integration that utilizes the Jira API, which has led me to this issue. Allowlisting is enabled but because Atlassian's IP range, as another person mentioned, is over 122 IPs, we are seeing various issues.

            It's like buying a new phone that has 128 GB of space, but the manufacturer loads a ton of bloatware on it, causing that 128 GB to actually be 64 GB. Atlassian's own IP space is taking up too much space in what they offer as a 'feature'.


            KC Wong added a comment -

            https://ip-ranges.atlassian.com/ now contains 122 distinct IPs while the whitelist still only allows 100.


            Darryl Lee added a comment -

            Can the new feature improvements be linked here? Oh, they're probably internal-only. :-/


            Chynh Vo added a comment -

            Closing as Not a bug.

            I created a couple tickets as potential feature improvements

            1. Increase the IP Allowlist IP limit beyond 100.

            2. Look into adding Atlassian IPs to the default policy and/or exclude Atlassian IPs counting towards the default 100 limit.


              Matthew Wirtz
              Jose Gochi
              Votes: 23
              Watchers: 46
