Problem Definition

• Currently Jira doesn't provide a way to restrict or whitelist source IPs (JRASERVER-67452) for remote API interaction at all. One of the challenges of implementing a workaround for this at proxy/network environment level is that the REST API URL patterns for the public API are also often used by requests triggered from the UI. So there is a risk of blocking normal UI based requests while intending to block remote API calls.

Suggested Solution

One way to constrain remote API usage to some extent may be to limit or restrict the use of basic auth for REST API. Provide facility or configuration to restrict basic authentication requests to whitelisted IPs.