JIRA: HTTP Proxy Acess: Invalid anti-XSRF token provided

We have configured a Apache HTTP Web Server in front of JIRA 5.0.6 hosted under Apache Tomcat 6.0.28; basically using documentation found under

Integrating JIRA with Apache

We have however some problems in certain functionality such as performing plugin updates

  • When we try to perform a plugin update using the front end Apache HTTP Web Server; we get in the browser an error with:
    "Invalid anti-XSRF token provided. The valid token should be retrieved transparently, but you may want to perform a hard refresh in your browser and try again before creating a support issue"

If we perform the same operation directly on JIRA instance; it works as expected.

  • We have also other strange behaviors. The dialog for issue resolution does not close. We have to select cancel button or manually refresh the page. This time however the error with "Invalid anti-XSRF token provided" does not happen or is not visible.

We observe only the following different requests in access logs when we do update:

Request using Proxy: That Fails
"POST /jira/rest/plugins/1.0/updates/all?token= HTTP/1.1" 403 68

Request not using Proxy: That sucessed
"POST /jira/rest/plugins/1.0/updates/all?token=-8820719892638001786 HTTP/1.1" 202 201

Version Used:

  • Apache HTTP Server Version: 2.2.3
  • Apache Tomcat 6.0.35
  • Atlassian JIRA 5.0.6 (Installed as WAR Archive)

Note: The Tomcat Instance is dedicated only to serve JIRA


Bruno Antunes

3 answers

1 accepted

0 votes
Accepted answer

Sorry for my delay updating this.

The problem i was facing was caused also by the use of the module pagespeed (https://developers.google.com/speed/pagespeed/) ; that we have installed in this specific environment; It was not supposed to be used when accessing JIRA

Removing or disabling this module for JIRA; it works as expected.

The reported behavior happens always when using pagespeed, at least with its default configurations

got this error also today, disabling mod_pagespeed in apache helped to solve the problem when using mod_proxy also...

0 votes
David Currie Atlassian Team Mar 10, 2014

This could be due to a proxy config error, those docs have been updated in later versions - can you please try going through the docs in https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache- I suspect it may be that you may need the proxyName and proxyPort elements in the Tomcat connector.

Also are you using an outbound proxy to connect to the marketplace as per https://confluence.atlassian.com/display/JIRAKB/How+to+Configure+an+Outbound+HTTP+and+HTTPS+Proxy+for+JIRA- please ensure that it's set up as we recommend.

If you can show us your httpd.conf and the server.xml it will help to see what the reverse-proxy config is.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,303 views 5 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you