When using a reverse proxy (F5 LTM + APM Portal Access resource), there are consistent post from the client via rest and each response from the Jira server is a 403 resulting in a failed XSRF check. Looking at all of the GET and POST, I see a jsessionid and csrf token but for some reason the XSRF check still fails based on the Wireshark captures on the server side.
I have attempted the no-check header option with no success and not sure what else to do. Any insight is greatly appreciated.
Issue resolved based on the article (REST API calls and User-Agent headers) below but a little more info for anyone that may run into this in the future. If using LTM only for load balancing purposes, I am able to successfully able to access and authenticate to the Jira webpage and the functionality is great.
Once I introduced LTM + APM I began to see 403s (XSRF check failed) when the client sent a POST. This occurred whether I was just using APM to authenticate to a pool member or using a portal access resource. Due to these errors, images would not load when viewing projects and other items within Jira.
After reviewing the article regarding User-Agent headers for API calls, I created a local traffic policy to remove the User-Agent header from all POST HTTP methods. (Note, this can be done via iRule or local traffic policy)
Then reviewing a capture on the Jira server, you will see all POST's, no longer have the User-Agent header included and this does not include any other HTTP method.
As a result, loading the same page that resulted in the XSRF check failed error, now load.
Hello folks! To the member of organizations who are still running their Atlassian applications on the server, we are on the side of the bridge, and if we need to sail the boat with confidence either...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events