[CONFSERVER-93552] When loading the "List of limited accounts" on the "Rate limiting" admin page, Anonymous user exceptions are removed - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.9.0
Affects Version/s: 8.5.0, 8.5.3
Component/s: Data Center - Core
Labels:
None

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

When loading the "List of limited accounts" on the "Rate limiting" admin page, the anonymous user exception rules are deleted.

This only occurs if the Anonymous user (Anonymous accounts) have been rate limited and are displayed on the "List of limited accounts" page. It will also remove the Anonymous user from the list.

This is reproducible on Data Center: yes

Steps to Reproduce

Enable Anonymous access and rate limiting on your instance
Add an Exception rule to block all requests for the Anonymous user
Curl a rest API without authentication and receive "HTTP Status 429 – Too Many Requests"
Wait a few minutes to ensure the data has been updated in the database
Load the Rate limiting admin page and check the List of limited accounts for the user Anonymous

Expected Results

Anonymous user is in the List of limited accounts and the exception rule remains

Actual Results

Anonymous user is not in the List of limited accounts and the exception rule is removed

Workaround

Avoid loading the List of limited accounts after setting the exception rule

mentioned in: Page Failed to load

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.9.0
Affects Version/s: 8.5.0, 8.5.3
Component/s: Data Center - Core
Labels:
None

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

When loading the "List of limited accounts" on the "Rate limiting" admin page, the anonymous user exception rules are deleted.

This only occurs if the Anonymous user (Anonymous accounts) have been rate limited and are displayed on the "List of limited accounts" page. It will also remove the Anonymous user from the list.

This is reproducible on Data Center: yes

Steps to Reproduce

Enable Anonymous access and rate limiting on your instance
Add an Exception rule to block all requests for the Anonymous user
Curl a rest API without authentication and receive "HTTP Status 429 – Too Many Requests"
Wait a few minutes to ensure the data has been updated in the database
Load the Rate limiting admin page and check the List of limited accounts for the user Anonymous

Expected Results

Anonymous user is in the List of limited accounts and the exception rule remains

Actual Results

Anonymous user is not in the List of limited accounts and the exception rule is removed

Workaround

Avoid loading the List of limited accounts after setting the exception rule

mentioned in: Page Loading...

Assignee:: Edward

Reporter:: Edward

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 07/Dec/2023 6:26 AM

Updated:: 25/Feb/2025 1:11 PM

Resolved:: 02/Apr/2024 4:18 AM

Assignee:: Edward

Reporter:: Edward

Affected customers:: 1 This affects my team

Watchers:: 4 Start watching this issue

Created:: 07/Dec/2023 6:26 AM

Updated:: 25/Feb/2025 1:11 PM

Resolved:: 02/Apr/2024 4:18 AM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Forms

Activity

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Forms

Activity

People

Dates

People

Dates