JIRA web page not hidden in web search page results - HELP Edited

Hello,

A few months ago, we have installed JIRA (and Java, therefore) on our own web server, which is a classical LAMP hosting several websites through Apache vhosts.

We then set up the DNS zone file of our domain, in order to have the address jira.ourdomain.com pointing to the JIRA application we just install, while www.ourdomain.com would stays as the address for our corporate website. It worked fine (after hours of reading documentations and headaches, though, since we absolutely don't know anything about Java).

But recently we noticed that this strange webpage : http://www.ourdomain.com/plugins/servlet/Wallboard/?dashboardId=10000

appears in Google search results when searching for our company.

What is this page and how to hide it or completely disable it from being visible and accessible to the public ? I've been looking at /opt/atlassian/jira/atlassian-jira/robots.txt file and added "Disallow *", but I don't see the link with this strange page.

Please help, this is a very important matter to us, we are thinking about uninstalling JIRA because of that.

Adrien Carpentier

2 answers

0 votes

Hello Adrien,

First please check your webhosting parameters for the domain, because you are serving Jira on the www domain and not (just) on the jira subdomain. Maybe you have some proxying going on or something's not configured properly. Ensure that requests going to www domain cannot reach jira.

Afterwards to block indexing on the jira subdomain:

Please edit the robots.txt and ensure it has these contents to disable all search engine access:

User-agent: *
Disallow: /

Ensure that when you browse to jira.domain.com/robots.txt the content above appears (you may need to restart Jira).

Further you can request Google to remove the page from indexing:

https://support.google.com/webmasters/answer/1663419?hl=en

Hello Eduard,

Thanks for your answer. I've been changing "Disallow: *" to "Disallow: /" in the robots.txt file. Could it be that the JIRA Servlet Plugin Module, or one of our JIRA modules using this plugin, is serving this webpage and that the /opt/atlassian/jira/atlassian-jira/robots.txt file is not controlling the plugins but only core JIRA?

Anyway, I really would prefer to ensure that all JIRA pages are completely and technically not accessible from the public web, through a .htaccess or a Java web server equivalent config, since robots.txt files are only a common practice by search indexing robots but not a technical protection.

How can we configure the JIRA/Java web server to really forbid access to all pages?

 

Thanks

Adrien

Hello Adrien,

About robots.txt, yes this is only to tell search engines not to index, it's not used by Jira in any way.

It seems to me you have Jira on the same IP address as the www domain and your front end server is proxying the request to Jira. You should edit the front end server configuration to only proxy requests to jira.domain.com and have another IP address for the subdomain, it will make it easier to manage access rules like firewalling. All main domain requests should be handled by other services (like you main website) and never by Jira.

Further you should probably firewall the jira service from the public internet and only allow internal network requests. 

Finally, you should ensure that Jira configuration does not allow Public access (only Private). When you set it up it asks you for either option. 

Also what Sherif said below, but I saw you already verified that.

0 votes

I guess this is a wallboard view of an empty dash board on your JIRA.

It seems that the boards is public which would allow any one to see the board if they are not logged in.

You would need to limit the permissions on the board to have it only viewable for logged in users.

If you limit the permission the wall board wouldn't be visible to any one.

Check this for more info on how to customize board permissions and sharing: https://confluence.atlassian.com/adminjiraserver/managing-shared-dashboards-938847879.html

Hi Sherif,

Thanks for your answer.

I've been looking at Shared Dashboard settings, there's no shared dashboard to display. I guess it's more something to do with the servlets, but I might be wrong.

Suggest an answer

Log in or Join to answer
Community showcase
Teodora [Botron]
Published Thursday in Marketplace Apps

Jira Inferno: The Nine Circles of Jira Administration Hell

If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...

259 views 0 12
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot