Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-28458

Improve JIRA compatibility with OWASP ModSecurity Core Rule Set (CRS)

    XMLWordPrintable

    Details

    • Type: Suggestion
    • Status: Gathering Interest (View Workflow)
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • UIS:
      5
    • Support reference count:
      3
    • Feedback Policy:
      We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Problem Definition

      Currently JIRA seems not to be 100% compatible with the security rule specs defined in OWASP ModSecurity Core Rule Set (CRS).
      The rule set is not only used by apache mod_security, but also is used by a big number of content distribution network (CDNs) providers and also by major cloud service providers like Microsoft Azure Application Gateway web application firewall.

      Suggested Solution

      Need to make JIRA more compatible with the OWASP WAF rule set: https://coreruleset.org/faq/

      Why this is important

      1. Enterprise customers using CDNs and Cloud services such as MS Azure are more likely to enable OWASP WAF rules on their infrastructure, with JIRA not able to be 100% compatible, those rules will prevent many JIRA functionalities from working as expected.

      Enforcing WAF rules is very useful for businesses as it makes their infrastructure more robust against attacks.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              sabdelfattah Sherif Abdelfattah (Inactive)
              Votes:
              23 Vote for this issue
              Watchers:
              30 Start watching this issue

                Dates

                Created:
                Updated: