16
89
Customers have installed this app in at least 89 active instances.

    Prevent Anonymous Access

    by codecentric AGfor Jira Server 6.4 - 7.8.4 and more versions
    Versions available for Jira Server 6.3 - 6.3.15
    Unsupported
    This app isn't formally supported.

    See existing Q&A in Atlassian CommunityAsk a question in the Atlassian Community

    Unsupported
    This app isn't formally supported.

    See existing Q&A in Atlassian CommunityAsk a question in the Atlassian Community

    Get it nowFree app

    Secure your Jira server by only serving logged in users

    Secure your Jira server by only serving logged in users

    Protect filters which are shared with all users

    Protect dashboards which are shared with all users

    Redirecting all requests to the login form

    Accessing such filters (Example: https://your-jira-domain.com/secure/ManageFilters.jspa) redirects to the login form. Saved filters, filter owner incl. mail adress will be protected.

    Accessing your Jira dashboards (Example: https://your-jira-domain.com

    /secure/ConfigurePortalPages!default.jspa) redirects to the login form. Popular dashboard won't be shown to any anonymous user anymore.

    Next to popular filters and dashboards also the quicksearch and other content requests from your Jira instance will be redirected to the login form.

    More details

    Dashboards and filters can be shared with anyone. This also includes users which are not logged in (the "famous" anonymous users). This issue is opend and discussed here: https://jira.atlassian.com/browse/JRA-23255

    While Jira displays a warning message that such sharing may not have the intended consequences it is so far impossible for an admin to prevent the sharing or access without patching the Jira source code.

    A second problem is the quick search which can also be executed by an anonymous user and depending on the settings in the projects may or may not show some issues.

    The "Prevent Anonymous Access" add-on prevent these redirecting any requests to the login form.

    There is also a configurable whitelist to allow specific requests without login, for example to integrate with other tools.

    Reviews for cloud

    (16)
    Sign in to write a review
    by Cameron Birdwell on 2017-07-07
    This plugin complete screwed us up (7.3.1). - Crashed our gadgets - Forced integration with HipChat to be limited - Blocked JIRA from being a gadget feed for Confluence Hard to diagnose due to limited information in the logs and the fact that just disabling didn't fix anything. We had to completely uninstall and bounce the application to see everything get fixed Nice for what it did as JIRA should by default always redirect to the login page if a user is not logged in.
    Was this review helpful?YesNo
    by Miguel Angel Hernandez on 2017-02-14
    Great addon! It covers our security applications access policy.
    Was this review helpful?YesNo
    by Matt Doar [ServiceRocket] on 2017-02-08
    This worked nicely for me with JIRA 7.1.4, thank you. I like the ability to whitelist parts of JIRA, but it's also a good way to find any integrations that expect anonymous access to JIRA.
    Was this review helpful?YesNo
    by Alex Forster on 2017-01-25
    Works great after checking the "Rejected requests" page and adding appropriate whitelists. I was scared off by the low ratings, but the older reviews are out of date with the newest versions.
    Was this review helpful?YesNo
    by Brian Harvell on 2016-03-18
    Was really hoping this would work as the sharing model within Jira is really broken. If users share their filters with anyone it makes it so any anonymous user can gleam data from your system. Unfortunately this plugin breaks the integration with confluence (specifically if you are using Jira as the user directory you can't login after) but I'm sure there are other things that will break. The whitelist capability should be made configurable and also add the ability to whitelist IP addresses. This would make is much more functional and not break integrations.
    Was this review helpful?YesNo
    codecentric AG

    The whitelist has been made configurable with version 2.0. This should increase the chances that the add-on is useful in your case.

    About filtering based on the IP address: a nice idea which hasn't come to my mind.

    Read more reviews

    Reviews for server

    (16)
    Sign in to write a review
    by Michael Lasonde on 2018-02-22
    I like the plugin but am having an issue trying to whitelist the approvals page in Jira. Screen just comes back blank I can white list each individual case but thats not ideal. Would someone be able to share a blanket whitelist scheme the url is the same for all the approvals except for the last set of characters that ends in /AW-1234... Example url would be. https://abc-services.domain.com/servicedesk/customer/portal/10/AW-1234
    Was this review helpful?YesNo
    codecentric AG

    Hi Michael,

    thanks for your feedback. May I ask you to provide some more details via our service desk customer portal.

    https://jira.codecentric.de/projects/APP/queues/custom/6

    I need to understand how you want to use the service desk. What are the Urls you want to access in an anonymous way. What regular expressions are you using for the whitelist entry and finally what are the project roles and permission settings.

    Thanks for your support,

    Cheers

    Heiko

    Product Owner at Codecentric

    by Cameron Birdwell on 2017-07-07
    This plugin complete screwed us up (7.3.1). - Crashed our gadgets - Forced integration with HipChat to be limited - Blocked JIRA from being a gadget feed for Confluence Hard to diagnose due to limited information in the logs and the fact that just disabling didn't fix anything. We had to completely uninstall and bounce the application to see everything get fixed Nice for what it did as JIRA should by default always redirect to the login page if a user is not logged in.
    Was this review helpful?YesNo
    by Miguel Angel Hernandez on 2017-02-14
    Great addon! It covers our security applications access policy.
    Was this review helpful?YesNo
    by Matt Doar [ServiceRocket] on 2017-02-08
    This worked nicely for me with JIRA 7.1.4, thank you. I like the ability to whitelist parts of JIRA, but it's also a good way to find any integrations that expect anonymous access to JIRA.
    Was this review helpful?YesNo
    by Alex Forster on 2017-01-25
    Works great after checking the "Rejected requests" page and adding appropriate whitelists. I was scared off by the low ratings, but the older reviews are out of date with the newest versions.
    Was this review helpful?YesNo
    Read more reviews

    Pricing

    Basic support resources are available for this app.

    Vendor support resources

    Documentation

    Find out how this app works.

    See existing Q&A in Atlassian CommunityAsk a question in the Atlassian Community

    Atlassian-hosted discussions connect you to other customers who use this app.

    Versions

    Version 2.4 Jira Server 6.4 - 7.8.4 Released 2018-03-15

    Summary

    Compatibility with Jira 7.8.0

    Installation

    1. Log into your Jira instance as an admin.
    2. Click the admin dropdown and choose Add-ons. The Manage add-ons screen loads.
    3. Click Find new add-ons from the left-hand side of the page.
    4. Locate Prevent Anonymous Access via search. Results include app versions compatible with your Jira instance.
    5. Click Install to download and install your app.
    6. You're all set! Click Close in the Installed and ready to go dialog.

    To find older Prevent Anonymous Access versions compatible with your instance, you can look through our version history page.

    Similar apps