Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

Can we hide or provide domain name in place of IP address shown under trusted proxy servers in Crowd application?

Kamal Saini1
Kamal Saini Mar 17, 2013

In crowd under Administration > Trusted proxy servers, we have added some of the IP address of the applications which are integrated with Crowd.

When our team work on security testing of Crowd application then testing reports an issue where Private IP addresses are getting diclosed on this URL. As it is a threat for comapny infrastructure because discovering the private addresses used within an organization can help an attacker in carrying out network-layer attacks aiming to penetrate the organization's internal infrastructure.

Can anyone please let me know if we have any other way to provide these machine names under "Trusted Proxy Servers" link? For an example : can we provide domain name there or any other solution?

Thanks,

Kamal

Answer
Watch
Like Be the first to like this
162 views

1 answer

1 accepted

1 vote
Answer accepted
JohnA
JohnA Mar 25, 2013

Hi Kamal,

I'm sorry to say that at the moment I believe the only option is to list te IP addresses of the proxies under the Trusted Proxies section as these are required for Crowd to correctly parse the header and understand that the packets have been forwarded by a known and trusted proxy. Unfortunately I don't believe it would be possible to change this without physically modifying the source code of the application to change how it handles the entire trusted proxies functionlaity and I'm not aware of any other workaround you could implement to mitigate against the IP addresses being exposed to people who have access to the Trusted Proxies section.

All the best,
John

Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
Community showcase
Vitalii Blinovskov
Vitalii Blinovskov
Published in Jira

Admins, notify your Jira instance of system-wide changes with the new admin announcement banner

Hi All! We’re excited to share the launch of an announcement banner that lets Jira site administrators communicate directly to their users across their  Jira Cloud instance.  ...

835 views 17 21
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you