Web Application Firewall (WAF) configuration for Jira-Bitbucket integration

Michaël GENAY
June 22, 2023

Hi,

We have Jira and Bitbucket DataCenter On-Premises.

Our security team requires that a WAF be placed in front of our Bitbucket servers, filtering data coming from Jira (Bitbucket and Jira being hosted in different security zones).

Are there configuration guidelines, or can you please help us identify the right rules:

- Application language
- Allowed parameters, headers length
- Any whitelisting for parameters
- Response status codes
- Anything else :)

 

Best regards

1 answer

1 vote
Mirek
June 28, 2023

Hi @Michaël GENAY 

Adding a WAF in front of an application is always good but "tricky". A good WAF knows the applications, does not block things that should not be blocked, and does not create many false positives.

I do not think that there is a standard set of rules that you can simply grab and use in a WAF. There should be some default database that is updated all the time with new rules.

Bitbucket is a place to store code, and since it is code, a WAF would more often treat it as a problem and block it. I suggest simply trying things out and, if there is any problem, working very closely with the security team to identify what is a safe request and what is not, and modifying exceptions.

I remember that when we introduced the WAF, many basic features were not working, like search in JIRA or edit page in Confluence :) but after some time, when we tested, we reduced the number of false positives and now do not see many problems.

AliMAHMOODI
September 27, 2024

@Mirek 

Hi;

I recently added a WAF in front of Jira and it seems the search feature is now working. I'm not an expert in WAF and do not have much experience doing this; I just followed some guides for this. My question is: must I disable the rule(s) that are blocking the request for that URI?

Thanks for your help.

Mirek
September 29, 2024

Yes, when something is not working you have to identify the request and response. Depending on your WAF software, you should get an ID or something in the response that would be a reference to the blocking event. Then on the WAF side you have to add an exception for that request and check if that helped.
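The triage step described in the last reply (look up the blocking event by its ID, then add an exception for that request), as an added example that is not part of the thread. The JSON-lines log format, field names, rule IDs and sample URIs are constructed assumptions, not the output of any particular WAF product.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: JSON-lines events in a hypothetical WAF log format.
SAMPLE_LOG = """
{"event_id": "ev-101", "action": "block", "rule_id": "R-942", "method": "GET", "uri": "/rest/api/2/search?jql=project%3DOPS"}
{"event_id": "ev-101", "action": "block", "rule_id": "R-920", "method": "GET", "uri": "/rest/api/2/search?jql=project%3DOPS"}
{"event_id": "ev-102", "action": "block", "rule_id": "R-942", "method": "GET", "uri": "/rest/api/2/search?jql=status%3DOpen"}
{"event_id": "ev-103", "action": "block", "rule_id": "R-942", "method": "POST", "uri": "/plugins/servlet/example?id=1"}
{"event_id": "ev-104", "action": "allow", "rule_id": null, "method": "GET", "uri": "/secure/Dashboard.jspa"}
{"event_id": "ev-105", "action": "blo
"""


def parse_blocks(text):
    """Parse JSON lines, keep only block events, skip damaged lines."""
    blocks = []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        if isinstance(event, dict) and event.get("action") == "block":
            event["path"] = urlsplit(event["uri"]).path
            blocks.append(event)
    return blocks


def exception_candidates(blocks, event_id):
    """For the event ID shown in the block response, propose one exception per
    rule, scoped to method + path, and list what else that rule blocks."""
    candidates = []
    for hit in (b for b in blocks if b["event_id"] == event_id):
        same_rule = [b for b in blocks if b["rule_id"] == hit["rule_id"]]
        scoped = [b for b in same_rule
                  if (b["method"], b["path"]) == (hit["method"], hit["path"])]
        candidates.append({
            "rule_id": hit["rule_id"],
            "method": hit["method"],
            "path": hit["path"],
            "blocks_in_scope": len(scoped),
            # Paths a global disable of this rule would also stop protecting.
            "still_covered_elsewhere": sorted(
                {b["path"] for b in same_rule} - {hit["path"]}),
        })
    return candidates


if __name__ == "__main__":
    for c in exception_candidates(parse_blocks(SAMPLE_LOG), "ev-101"):
        print(c)
```

Each candidate names the rule, method and path an exception would need to cover; a non-empty `still_covered_elsewhere` list shows paths where the same rule keeps blocking if the exception is scoped to the path instead of disabling the rule everywhere.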
