Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Disable / block ForgotUserDetails.jspa

Magnus Tamm September 16, 2019

Hi.

Is there any possibilities to disable ForgotUserDetails.jspa? So users can't use this link and can't do any get request or reset their password. 

 

Best wishes

Magnus Tamm

 

1 answer

1 accepted

0 votes
Answer accepted
Daniel Wong
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 16, 2019

Hi Magnus,

If you have user management done outside Jira (ie Crowd / Active Directory / LDAP) then you can turn on 'External User Management' in Jira's 'General Configuration' settings. This will disable the Forgot your password link on the login page.

KB for configuring Jira General Configuration options - https://confluence.atlassian.com/adminjiraserver073/configuring-jira-application-options-861253962.html

Alternatively, if your Jira instance sits behind a reverse proxy, you can block the /secure/ForgotLogindetails.jspa page directly at the reverse proxy level.

If you don't have a reverse proxy, you can try blocking it directly at Tomcat level. You can follow this KB to test this out - https://confluence.atlassian.com/kb/how-to-block-access-to-a-specific-url-at-tomcat-966668691.html

Suggest an answer

Log in or Sign up to answer