-
Suggestion
-
Resolution: Unresolved
-
None
-
0
-
Summary
If an automation rule is setup with the "Send web request" action component which has an external webhook URL configured with a port number other than the allowed ports, the request will fail with the following error:
Error 403 - Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is webmaster. Generated Wed, 17 Mar 2021 13:39:52 GMT by ip-xx-xxx-xxx-xx.net.atlassian.com (squid)
The request is denied from Atlassian as the squid proxy only allows the following safe ports to be used in the destination URLs:
80 8080 443 8443 8444 7990 8090 8085 8060
Suggestion
Provide the list of ports that are allowed to be used in the "Send web request" action component for external URLs.
***
Currently, users can create automation rule with "Send Web Request" to any external URLs.
This creates a risk of sensitive information getting leaked via "Send Web Request" to external sites.
Please add a feature to allow auditing of external URLs being used in ""Send Web Request".
- log/notify admins of any new URLs being used with "Send Web Request" AUTO-109
- Allow admins to create a allowlist of domains/URLs that can be used with "Send Web Request"
- or, Add some sort of approval process, users have to get approval from admins before they can use an external URL with "Send Web Request"
- is duplicated by
-
- Closed
- relates to
-
- Closed
[AUTO-151] Automation for Jira: Provide a list of allowed ports in the "Send web request" action component for external Webhook URLs
| Remote Link | New: This issue links to "Page (Confluence)" [ 909819 ] |
The idea for admins to determine the list of Ports is a good one.
One of the disadvantages provided is: "This creates a risk of sensitive information getting leaked via "Send Web Request" to external sites.". If admins determine the ports, its their responsibility right?
| Labels | Original: enterprise | New: enterprise jsw-s13 |
| Labels | Original: Automation_Move_JSW | New: enterprise |
| Description |
Original:
h3. Summary
If an automation rule is setup with the "Send web request" action component which has an external webhook URL configured with a port number other than the allowed ports, the request will fail with the following error: {code:java} Error 403 - Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is webmaster. Generated Wed, 17 Mar 2021 13:39:52 GMT by ip-xx-xxx-xxx-xx.net.atlassian.com (squid){code} The request is denied from Atlassian as the squid proxy only allows the following safe ports to be used in the destination URLs: {code:java} 80 8080 443 8443 8444 7990 8090 8085 8060{code} h3. Suggestion Provide the list of ports that are allowed to be used in the "Send web request" action component for external URLs. |
New:
h3. Summary
If an automation rule is setup with the "Send web request" action component which has an external webhook URL configured with a port number other than the allowed ports, the request will fail with the following error: {code:java} Error 403 - Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is webmaster. Generated Wed, 17 Mar 2021 13:39:52 GMT by ip-xx-xxx-xxx-xx.net.atlassian.com (squid){code} The request is denied from Atlassian as the squid proxy only allows the following safe ports to be used in the destination URLs: {code:java} 80 8080 443 8443 8444 7990 8090 8085 8060{code} h3. Suggestion Provide the list of ports that are allowed to be used in the "Send web request" action component for external URLs. *** Currently, users can create automation rule with "Send Web Request" to any external URLs. This creates a risk of sensitive information getting leaked via "Send Web Request" to external sites. Please add a feature to allow auditing of external URLs being used in ""Send Web Request". # log/notify admins of any new URLs being used with "Send Web Request" AUTO-109 # Allow admins to create a allowlist of domains/URLs that can be used with "Send Web Request" # or, Add some sort of approval process, users have to get approval from admins before they can use an external URL with "Send Web Request" |
| Remote Link | New: This issue links to "Page (Confluence)" [ 721153 ] |
| Component/s | Original: Automation [ 68402 ] | |
| Key | Original: JSWCLOUD-22647 | New: AUTO-151 |
| Workflow | Original: JAC Suggestion Workflow JSWCLOUD [ 4266903 ] | New: JAC Suggestion Workflow 3 [ 4299404 ] |
| Project | Original: Jira Software Cloud [ 18511 ] | New: Automation [ 22610 ] |
| Assignee | New: Charlie Gavey [ 89403358cf11 ] |
need flexibility