You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I'm currently demoing Confluence and considering Confluence Cloud Premium because of the IP Allowlisting feature, which is mandatory for our use case.
We were full speed ahead, but a potential Atlassian Partner (platinum if it makes a difference) mentioned that there is a serious security issue with the IP Allowlisting and that they don't recommend their customers use it.
I've been looking around for any reference to the issue in the forum and online, but I haven't seen any mention. Since I'm not yet a paying customer of an Atlassian product, I can't access their help directly.
Is anyone aware of any security issues with the IP Allowlisting feature? Alternatively, is there a way to contact Atlassian directly for such questions if you're not a paying customer yet? Uncertainty on this issue is preventing me from becoming one.
Hi @Chuck Blakney ,
Every product will have security holes not yet discovered. I would advise chatting with an Atlassian Sales rep and have them open a ticket with your security concerns.
Note: We just migrated to cloud earlier this year and we evaluated Atlassian Access's IP restriction process. Due to the lack of controls at that time, we ended up restricting IP addresses in Azure instead.
Hope this helps a little.
@Chuck Blakney Welcome to the Atlassian community
What was the serious security issue that they told you about and who was the vendor? I am not aware of anything. I can also escalate this to Atlassian if you can provide some additional information.
That's what I'm trying to get to the bottom of. They didn't provide much detail, and I'm trying to find a second or more direct source. Just a comment about IP Spoofing. I've asked them for additional info, but they haven't provided any yet. Confusingly, they said if I used Jira Service Management as an entry point to get into Confluence using IP Allowlisting, it would be more secure, which confuses me. For some reason, they said IP Allowlisting was more secure for JSM than Confluence.
The partner's name is Valiantys.
Right now, I'm just trying to identify the risk profile, as I really need an economical way for a small number of content creators to post content to a much larger (20x) number of users for our internal knowledge base.
@Chuck Blakney Hopefully sales will be able to address your questions. IP Allow Lists only provide so much security so that should be kept in mind but I am not aware of any issues outside of what you would run into with any other IP-based security.