Hi everyone and thanks in advance for any ideas!
I am implementing a service to receive webhook calls. My problem is, that I need to know and identify who (which JIRA, server as well as on demand so IP is not enough) is sending the request.
I had a look at the webhook request, but don't see my info there. The structure is as follows:
Cache-Control: max-age=0
Content-Type: application/json; charset=UTF-8
Host: requestb.in
Total-Route-Time: 0
Accept: */*
Connect-Time: 2
X-Request-Id: e6112d27-1da6-49a0-be40-9db2e90bea73
User-Agent: Atlassian HttpClient 0.20.1 / JIRA-6.4-OD-14-082 (64012) / Default
Content-Length: 6075
Connection: close
Via: 1.1 localhost (Apache-HttpClient/4.3.2 (cache)), 1.1 squid-133-2.ash1.uc-inf.net:3128 (squid/2.6.STABLE21), 1.1 vegur
user_key: xxxxxxxx
user_id: xxxxxxxxx
None
{json raw string}
Any ideas about how to get the "origin" info? Thanks a lot!
Community moderators have prevented the ability to post new answers.
To close the deal.. After talking to the Atlassian support, it's been confirmed that there is no other way of knowing where the webhook request came from than digging into the raw json request body and finding the URL somewhere in the links.
There is nothing in the headers etc. So when it comes from a server instance, you get IP, when from Cloud, the IP is good for nothing and you should start digging or considering a parameter in the webhook request URL.
Not the best, but at least one knows.
At least there's clarity now.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Marketa,
I've never used requestb.in, however it's strange to me it doesn't list the origin-address. For cloud it's harder to find out and it would end up with either 1) using a different service that displays the source IP or 2) try to fire the webhook request against a server with access logs that offer these information (e.g. using Apache).
For JIRA server instances, it should be the public facing IP of the server resulting in either its own or the IP of a proxy the server/instance is using to connect to the internet. But either way, if the options above work out, they should apply here too.
I hope that helps!
Regards,
Philipp
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Philipp,
I need to say that in the final solution of course I don't use requestb.in. I used it only to visualize everything there is in the header.
I am using Apache, with reverse proxy, but found a mod that should be able to preserve the original request IP. The problem is really with the cloud, because there is just a bunch of addresses that are the same for "all of us" and don't allow any kind of further identification. I need a whole solution, one, for cloud/non-cloud and I need to be able to tell which client (from his JIRA instance) is sending me the request to proceed with further elaboration. And I really want to avoid digging into the JSON and looking for the domain in links:)
Another option is to use a parameter in the webhook, but only if not resolvable otherwise really.
Thanks a lot for your suggestions!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Marketa, yes, I understood the value of requestb.in for debug-in-development. It's just that I generally wondered that an important information like the IP is not rendered there. :) As for the actual issue, I unfortunately have no experience with webhooks in the the Atlassian Cloud environment, so I'm really limited to guessing on general technical experience. Since - as you say - the source IP of your cloud instance is shared through several others (which makes a lot of sense) it's probably indeed the easiest to add another parameter to the webhook that properly identifies your instance. That is, unless someone else comes up with an out-of-the-box answer. Sorry I couldn't help any further and I hope you'll succeed with your project! Regards, Philipp
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Philipp, I believe you are right about the parameter. I am talking with the support guys about this, so if by any chance there is something overlooked and useful, I'll be sure to post it here. Take care, Marketa
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Marketa, great, I'm looking forward to it. You never know when you'll need it. Regards, Philipp
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Not entirely related to the original question, but does Atlassian have a JIRA Cloud page that documents what origin IP address(es) of the webhooks from JIRA Cloud would be (Bitbucket does this in their docs)? Reason being that we don't want to expose our hook processing server to the world, only to the "allowed" JIRA Cloud server IP addresses and/or address range.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Steve, of course,it is understandable. It's enough to whitelist the IPs listed here: https://confluence.atlassian.com/display/Cloud/Atlassian+Cloud+site+resources Careful though, they change over time, so I suggest watching the page for being notified on changes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.