Jira and Confluence whitelist domains

KS
I'm New Here
January 18, 2022

Hi all, I recently received a request from my app team to whitelist the domain names in our firewall for Jira & Confluence.

By looking at the list provided here, I'm surprised that Atlassian is requesting to whitelist a lot of domain names, including *.amazonaws.com & *.cloudflare.com. With this, it is in fact whitelisting more than millions of sites hosted at AWS, and some of them might be for malicious purposes, if I understand correctly.

I did a search, and most mentioned that it is a risk and some called the developer lazy for requesting that. The number of sites allowed is super duper huge, and that is my main concern.

However, as this is listed officially on the Atlassian website, I would like to know how other customers/users of Atlassian handle this. Products in use are Jira & Confluence on cloud. Thanks in advance.

 

1 answer

0 votes
Pramodh M
Community Champion
January 19, 2022

Hi @KS 

Welcome to the community 🙂

In addition to the URLs, the below list of IP ranges makes sure that you are getting connections from Atlassian products.

So along with the firewall, the IP allowlist makes sure you are not getting any malicious calls from other websites.

https://ip-ranges.amazonaws.com/ip-ranges.json

But we can check with Atlassian on this to double confirm

Please refer to the doc below for the info

https://support.atlassian.com/organization-administration/docs/ip-addresses-and-domains-for-atlassian-cloud-products/

Thanks,

Pramodh

KS
I'm New Here
January 19, 2022

Hi Pramodh,

First of all, thank you for your reply.

The IP ranges provided are from Amazon, but my concern is still whether I should trust ALL sites on Amazon. I suppose I should only trust those hosted on AWS, managed & controlled by Atlassian.

I'm aware of the IP ranges provided by Atlassian, so in that case wouldn't it be more appropriate to only whitelist the IP ranges instead of domain names? (I know IPs might change from time to time, but with your recommendation of the use of a firewall IP allowlist, that doesn't make any difference.)

And there is another confusion: in the outgoing connection section, it states that "if your situation requires a shorter list... you can use..(another subset of ranges)". From a security perspective, access/allowlist entries should definitely be granted only if required. So does that also mean the long list of IP ranges consists of some excessive IP addresses?

Thank you.
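
The difference discussed in this thread, between allowing a cloud provider's whole published range list and allowing only a vendor-controlled subset, can be measured before a firewall change is approved. The following is an added example, not part of the thread or of Atlassian's documentation; it assumes the `prefixes` / `ip_prefix` layout of the AWS `ip-ranges.json` file linked above, and the CIDRs, the vendor subset and the destination IPs are all constructed.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json. The CIDRs are
# reserved test ranges, not real AWS allocations. Entries overlap on purpose:
# the real file lists the same space under several services.
PROVIDER_JSON = json.loads("""
{"syncToken": "0", "createDate": "2022-01-19-00-00-00",
 "prefixes": [
  {"ip_prefix": "198.18.0.0/15", "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "198.18.0.0/16", "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "CLOUDFRONT"}
 ]}
""")
PROVIDER_CIDRS = [p["ip_prefix"] for p in PROVIDER_JSON["prefixes"]]

# Hypothetical vendor-published subset (constructed values).
VENDOR_CIDRS = ["198.18.7.0/24", "203.0.113.64/26"]


def collapse(cidrs):
    """Merge overlapping CIDRs so addresses are not counted twice (one IP version per call)."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs))


def address_count(cidrs):
    """Number of distinct addresses an allowlist built from these CIDRs admits."""
    return sum(net.num_addresses for net in collapse(cidrs))


def allowed(ip, cidrs):
    """True if the address falls inside any of the CIDRs."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in collapse(cidrs))


def extra_exposure(destinations, broad, narrow):
    """Destinations the broad allowlist admits that the narrow one would block."""
    return [d for d in destinations if allowed(d, broad) and not allowed(d, narrow)]


if __name__ == "__main__":
    # Constructed egress destinations, e.g. taken from proxy or firewall logs.
    seen = ["198.18.7.10", "198.19.200.5", "203.0.113.70", "203.0.113.10", "192.0.2.1"]
    print("provider list admits:", address_count(PROVIDER_CIDRS), "addresses")
    print("vendor subset admits:", address_count(VENDOR_CIDRS), "addresses")
    print("only reachable via provider list:", extra_exposure(seen, PROVIDER_CIDRS, VENDOR_CIDRS))
```

Running the same comparison against real egress logs shows which destinations depend on the broad entry and would need their own rule if only the narrower list were allowed.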
