BAD_XFORWARD_IP; Request not allowed from IP Address
問題
When using Trusted Applications, a request may fail with the error BAD_XFORWARD_IP, followed by the IP Address that failed. This causes the request to fail. All functionality between the two applications will not function correctly.
The following message will appear in the destination application log file:
BAD_XFORWARD_IP; Request not allowed from IP address: {0}; ["127.0.0.1"]診断
環境
- 2 つのアプリケーションがアプリケーション リンクを使って接続されている
- The authentication method used is Trusted Applications
原因
The X-Forwarded-For address in the header of the request coming from the source Source application is not trusted by the Destination application. Usually X-Forwarded-For refers to the client to the reverse proxy, in this case the IP address of the Source application, however with some proxy servers it might be modified manually. The "Incoming Authentication" does not list this IP Address in the "IP Patterns" section.
ソリューション
オプション 1
- Add the IP address of the Source
X-Forwarded-Forheader to the "IP Patterns" section. This must be added to the "Incoming Authentication" section of the Destination application.
Option 2
- Removing all IP Patterns from the "Incoming Authentication" will allow all requests to come into the Destination application.
Notes for Reverse Proxy Usage
Ensure that any IP addresses used by a reverse proxy are added to the "IP Patterns" section, if they differ from the Source application. You should also ensure that your Reverse Proxy is configured correctly.
Alternatively, you may wish to bypass the reverse proxy, and create an unproxied Application Link.
Atlassian recommends OAuth
All new Application Links are created using OAuth. It provides all of the functionality of Trusted Applications and Basic Authentication. OAuth allows applications to authenticate and authorise users without accessing their credentials.