Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Prevent-anonymous-access breaks Confluence

Monica Rainey
Monica Rainey July 17, 2015

I installed Prevent-anonymous-access which resulted in all users being unable to access Confluence.

JIRA works fine with Prevent-anonymous-access enabled, but Confluence doesn't work.  How can this be fixed?

Answer
Watch
Like Be the first to like this
464 views

2 answers

1 accepted

2 votes
Answer accepted
Rodrigo Girardi Adami
Rodrigo Girardi Adami
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 17, 2015

Hi Monica,

Is this a third party plugin? I could find this one for JIRA. It's not necessary to install third party plugins to avoid anonymous access. I could find an answer that can help you to configure the anonymous access stated here:

https://answers.atlassian.com/questions/247207

I hope this helps!

cheers,

Rodrigo

View More Comments
Monica Rainey
Monica Rainey July 21, 2015

Thank you for your suggestions.  Yes "Prevent-anonymous-access" is an add-on.  But it breaks Confluence when I enable it in JIRA.  I tried the alternative of removing all 'Anyone' permissions and we were already in Private mode but I can still see our filters without logging in. sad 

Like
Brian Harvell2
Brian Harvell March 16, 2016

Rodrigo, unfortunately it doesn't look like you can block anonymous access to the issue navigator and once there you can search for filters and see their names. If someone names a filter with sensitive information and it is shared with anyone anonymous users will be able to see it. I found the prevent-anonymous-access JIRA plugin and it was great until I realized it broke logins to confluence because we are using JIRA as the directory server. I assume some URL needs to be whitelisted in that plugin.

Like
Erik Petzold
Erik Petzold January 20, 2017

Hi @Rodrigo Adami,

as mentioned before, single users can share filters and dashboards with "everyone", which means the can be accessed from anonymous users. This has nothing to do with your project settings. Also quicksearch on the login screen leaks some information, like custom field names.

Hi @Brian Harvell,

the Plugin has a whitelist for a while now, did you try that out?

Like
Reply
0 votes
Erik Petzold
Erik Petzold January 20, 2017

Hi Monica,

regardless your question is quite old now, I will answer it, as other users may find it. There is the possibility to allow specific url patterns for anonymous access by configuring a whitelist. You can create whitelist entries directly from the log of blocked requests, see the documentation for details.

Integrations with other Atlassian Tools are on the default whitelist and should work with current versions.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events