Prevent-anonymous-access breaks Confluence

I installed Prevent-anonymous-access which resulted in all users being unable to access Confluence.

JIRA works fine with Prevent-anonymous-access enabled, but Confluence doesn't work.  How can this be fixed?

2 answers

1 accepted

This widget could not be displayed.

Hi Monica,

Is this a third party plugin? I could find this one for JIRA. It's not necessary to install third party plugins to avoid anonymous access. I could find an answer that can help you to configure the anonymous access stated here:

https://answers.atlassian.com/questions/247207

I hope this helps!

cheers,

Rodrigo

Thank you for your suggestions.  Yes "Prevent-anonymous-access" is an add-on.  But it breaks Confluence when I enable it in JIRA.  I tried the alternative of removing all 'Anyone' permissions and we were already in Private mode but I can still see our filters without logging in. sad 

Rodrigo, unfortunately it doesn't look like you can block anonymous access to the issue navigator and once there you can search for filters and see their names. If someone names a filter with sensitive information and it is shared with anyone anonymous users will be able to see it. I found the prevent-anonymous-access JIRA plugin and it was great until I realized it broke logins to confluence because we are using JIRA as the directory server. I assume some URL needs to be whitelisted in that plugin.

Hi @Rodrigo Adami,

as mentioned before, single users can share filters and dashboards with "everyone", which means the can be accessed from anonymous users. This has nothing to do with your project settings. Also quicksearch on the login screen leaks some information, like custom field names.

Hi @Brian Harvell,

the Plugin has a whitelist for a while now, did you try that out?

This widget could not be displayed.

Hi Monica,

regardless your question is quite old now, I will answer it, as other users may find it. There is the possibility to allow specific url patterns for anonymous access by configuring a whitelist. You can create whitelist entries directly from the log of blocked requests, see the documentation for details.

Integrations with other Atlassian Tools are on the default whitelist and should work with current versions.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

172 views 1 3
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you