Uploaded image for project: 'Automation for Cloud'
  1. Automation for Cloud
  2. AUTO-151

Automation for Jira: Provide a list of allowed ports in the "Send web request" action component for external Webhook URLs

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • 0
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Summary

      If an automation rule is setup with the "Send web request" action component which has an external webhook URL configured with a port number other than the allowed ports, the request will fail with the following error:

      Error 403 - Access Denied.
      Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
      Your cache administrator is webmaster.
      Generated Wed, 17 Mar 2021 13:39:52 GMT by ip-xx-xxx-xxx-xx.net.atlassian.com (squid)

      The request is denied from Atlassian as the squid proxy only allows the following safe ports to be used in the destination URLs:

      80 8080 443 8443 8444 7990 8090 8085 8060

      Suggestion

      Provide the list of ports that are allowed to be used in the "Send web request" action component for external URLs.

      ***

      Currently, users can create automation rule with "Send Web Request" to any external URLs.
      This creates a risk of sensitive information getting leaked via "Send Web Request" to external sites.

      Please add a feature to allow auditing of external URLs being used in ""Send Web Request".

      1. log/notify admins of any new URLs being used with "Send Web Request" AUTO-109
      2. Allow admins to create a allowlist of domains/URLs that can be used with "Send Web Request"
      3. or, Add some sort of approval process, users have to get approval from admins before they can use an external URL with "Send Web Request"

          Form Name

            [AUTO-151] Automation for Jira: Provide a list of allowed ports in the "Send web request" action component for external Webhook URLs

              89403358cf11 Charlie Gavey
              b678926ca497 Bopanna
              Votes:
              38 Vote for this issue
              Watchers:
              49 Start watching this issue

                Created:
                Updated: