I'm currently demoing Confluence and considering Confluence Cloud Premium because of the IP Allowlisting feature, which is mandatory for our use case.
We were full speed ahead, but a potential Atlassian Partner (platinum if it makes a difference) mentioned that there is a serious security issue with the IP Allowlisting and that they don't recommend their customers use it.
I've been looking around for any reference to the issue in the forum and online, but I haven't seen any mention. Since I'm not yet a paying customer of an Atlassian product, I can't access their help directly.
Is anyone aware of any security issues with the IP Allowlisting feature? Alternatively, is there a way to contact Atlassian directly for such questions if you're not a paying customer yet? Uncertainty on this issue is preventing me from becoming one.
Hi @Chuck Blakney,
Every product will have security holes not yet discovered. I would advise chatting with an Atlassian Sales rep and having them open a ticket with your security concerns.
https://www.atlassian.com/company/contact
Note: We just migrated to cloud earlier this year and we evaluated Atlassian Access's IP restriction process. Due to the lack of controls at that time, we ended up restricting IP addresses in Azure instead.
Hope this helps a little.
- Jon
Thanks Jonathan,
I sent a request for info with sales at the link you provided. We'll see what they come back with.
Cheers,
@Chuck Blakney Welcome to the Atlassian community.
What was the serious security issue that they told you about and who was the vendor? I am not aware of anything. I can also escalate this to Atlassian if you can provide some additional information.
Hi Brant,
That's what I'm trying to get to the bottom of. They didn't provide much detail, and I'm trying to find a second or more direct source. Just a comment about IP Spoofing. I've asked them for additional info, but they haven't provided any yet. Confusingly, they said if I used Jira Service Management as an entry point to get into Confluence using IP Allowlisting, it would be more secure, which confuses me. For some reason, they said IP Allowlisting was more secure for JSM than Confluence.
The partner's name is Valiantys.
Right now, I'm just trying to identify the risk profile, as I really need an economical way for a small number of content creators to post content to a much larger (20x) number of users for our internal knowledge base.
@Chuck Blakney Hopefully sales will be able to address your questions. IP Allow Lists only provide so much security, so that should be kept in mind, but I am not aware of any issues outside of what you would run into with any other IP-based security.