Web Application Firewall (WAF) configuration for Jira-Bitbucket integration

Michaël GENAY
I'm New Here
June 22, 2023

Hi,

We have Jira and Bitbucket DataCenter On-Premises.

Our security team requires that a WAF be placed in front of our Bitbucket servers, filtering data coming from Jira (Bitbucket and Jira being hosted in different security zones).

Are there configuration guidelines, or can you please help us identify the right rules:

- Application language
- Allowed parameters, headers length
- Any whitelisting for parameters
- Response status codes
- Anything else :)

 

Best regards

1 answer

1 vote
Mirek
Community Leader
June 28, 2023

Hi @Michaël GENAY 

Adding a WAF in front of an application is always good but "tricky". A good WAF knows applications, does not block things that should not be blocked, and does not create many false positives.

I do not think that there is a standard set of rules that you can simply grab and use in a WAF. There should be some default database that is updated all the time with new rules.

Bitbucket is a place to store code, and since it is code, a WAF would more often treat it as a problem and block it. I suggest simply trying things out and, if there is any problem, working very closely with the security team to identify what is a safe request and what is not, and modifying exceptions.

I remember that when we introduced the WAF, many basic features were not working, like search in JIRA or edit page in Confluence :) but after some time, when we tested, we reduced the number of false positives and now do not see many problems.
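
The tuning loop described in the answer above, as an added example that is not part of the original thread: with the WAF in log-only mode, group rule hits on Jira-to-Bitbucket traffic to shortlist exclusions for review with the security team. The log format, field names, rule labels and node addresses are constructed assumptions, not taken from any specific WAF product.

```python
import json
import re
from collections import Counter

# Constructed sample: one JSON event per line, as a WAF in detection-only
# (log, do not block) mode might emit. Field names and rule labels are assumed.
SAMPLE_LOG = """\
{"src": "10.20.0.15", "method": "GET", "path": "/rest/api/1.0/projects/PRJ/repos/app/commits", "rule": "SQLI-GENERIC", "status": 200}
{"src": "10.20.0.16", "method": "GET", "path": "/rest/api/1.0/projects/OPS/repos/infra/commits", "rule": "SQLI-GENERIC", "status": 200}
{"src": "10.20.0.15", "method": "GET", "path": "/rest/api/1.0/projects/PRJ/repos/app/pull-requests", "rule": "XSS-GENERIC", "status": 200}
{"src": "203.0.113.9", "method": "GET", "path": "/rest/api/1.0/projects/PRJ/repos/app/commits", "rule": "SQLI-GENERIC", "status": 200}
{"src": "10.20.0.15", "method": "POST", "path": "/rest/api/1.0/projects/PRJ/repos/app/commits", "rule": "SQLI-GENERIC", "status": 400}
{"src": "10.20.0.15", "method": "GET", "path": "/rest/api/1.0/proj
"""

JIRA_NODES = {"10.20.0.15", "10.20.0.16"}  # assumed addresses of the Jira nodes

# Collapse project keys and repository slugs so hits on different repos group together.
_REPO = re.compile(r"^(/rest/api/1\.0/projects/)[^/]+(/repos/)[^/]+")


def normalise(path):
    return _REPO.sub(r"\1{project}\2{repo}", path)


def exclusion_candidates(log_text, jira_nodes, min_hits=2):
    """Return (rule, method, path_pattern, hits) tuples worth reviewing.

    Heuristic: a rule that fires repeatedly on requests from the Jira nodes
    which Bitbucket itself answered with 2xx is a likely false positive.
    The output is a review shortlist, not an automatic allow-list.
    """
    hits = Counter()
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            key = (ev["rule"], ev["method"], normalise(ev["path"]))
            src, status = ev["src"], int(ev["status"])
        except (ValueError, KeyError, TypeError):
            continue  # skip truncated or malformed events
        if src in jira_nodes and 200 <= status < 300:
            hits[key] += 1
    rows = [(r, m, p, n) for (r, m, p), n in hits.items() if n >= min_hits]
    return sorted(rows, key=lambda c: (-c[3], c[0], c[2]))


if __name__ == "__main__":
    for row in exclusion_candidates(SAMPLE_LOG, JIRA_NODES):
        print(row)
```

Scoping each resulting exception to the rule, method, path pattern and Jira source addresses keeps the rule active for all other traffic.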
