[JRASERVER-28458] Improve JIRA compatibility with OWASP ModSecurity Core Rule Set (CRS) - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Suggestion
Status: Gathering Interest (View Workflow)
Resolution: Unresolved
Fix Version/s: None
Component/s: None
Labels:
- affects-server

UIS:
5
Support reference count:
3
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

Problem Definition

Currently JIRA seems not to be 100% compatible with the security rule specs defined in OWASP ModSecurity Core Rule Set (CRS).
The rule set is not only used by apache mod_security, but also is used by a big number of content distribution network (CDNs) providers and also by major cloud service providers like Microsoft Azure Application Gateway web application firewall.

Why this is important

Enterprise customers using CDNs and Cloud services such as MS Azure are more likely to enable OWASP WAF rules on their infrastructure, with JIRA not able to be 100% compatible, those rules will prevent many JIRA functionalities from working as expected.

Enforcing WAF rules is very useful for businesses as it makes their infrastructure more robust against attacks.

Attachments

Issue Links

relates to

JRACLOUD-28458 Improve JIRA compatibility with mod_security

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Sherif Abdelfattah (Inactive)

Votes:: 23 Vote for this issue

Watchers:: 30 Start watching this issue

Dates

Created:: 01/Jun/2012 7:41 PM

Updated:: 15/Jan/2021 12:17 AM