Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-69253

Provide a way to whitelist IPs for REST API basic authentication

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Unresolved
    • None
    • REST API
    • None
    • 1
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Problem Definition

      • Currently Jira doesn't provide a way to restrict or whitelist source IPs (JRASERVER-67452) for remote API interaction at all. One of the challenges of implementing a workaround for this at proxy/network environment level is that the REST API URL patterns for the public API are also often used by requests triggered from the UI. So there is a risk of blocking normal UI based requests while intending to block remote API calls.

      Suggested Solution

      One way to constrain remote API usage to some extent may be to limit or restrict the use of basic auth for REST API. Provide facility or configuration to restrict basic authentication requests to whitelisted IPs.

      Attachments

        Issue Links

          relates to

          Suggestion - JRASERVER-68126 Ability to disable basic authentication in Jira

          • Closed

          Activity

            People

              Unassigned Unassigned
              takindele Taiwo Akindele (Inactive)
              Votes:
              11 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated: