Content
View differences
Updated by Andrej Sandorf 13 days ago
### Steps to reproduce
1. Have a Jira DC installed on a [private IP address](https://en.wikipedia.org/wiki/Private_network) like 10.1.2.3 or 192.168.17.4, and have a dns name pointing to that IP address
2. Go to the Jira migrator and add a configuration
3. Add the url and token
4. Click "Test configuration"
### What is the buggy behavior?
* Due to ssrf protection, the access to the ip is blocked and the following error is displayed: "Connection error: Failed to connect to Jira server: Hostname 'xxx.com' has no public ip addresses"
### What is the expected behavior?
1. It It's fine to have an error message, but it should be actionable and/or helpful or we'll have support requests. OpenProject can detect that the IP is private and will be blocked, and explain that the IP address should be added to `OPENPROJECT_SSRF_PROTECTION_IP_ALLOWLIST`.
1. Please see `modules/webhooks/app/services/webhooks/outgoing/request_webhook_service.rb` : it catches `SsrfFilter::PrivateIPAddress` and displays a specific error message: `Connection blocked: "<error message> - If this is intentional, add the Jira host resolves IP to a private IP address. If your Jira instance runs on an internal network, allow its IP the allowlist via the OPENPROJECT_SSRF__PROTECTION__IP__ALLOWLIST OPENPROJECT\_SSRF\_PROTECTION\_IP\_ALLOWLIST environment variable. Please see our`[`documentation.`](https://www.openproject.org/docs/installation-and-operations/configuration/ssrf-protection/?go_to_locale=en)
2. Documentation for SSRF protection exists and is **linked** in the test connection functionality and the Jira migrator documentation
variable."
### Screenshots and other files
<img class="image_resized op-uc-image op-uc-image_inline" style="width:491px;" src="/api/v3/attachments/921139/content">
### Environment information
**OpenProject installation type**
* Docker-compose installation
**OpenProject version**
17.4.0
1. Have a Jira DC installed on a [private IP address](https://en.wikipedia.org/wiki/Private_network) like 10.1.2.3 or 192.168.17.4, and have a dns name pointing to that IP address
2. Go to the Jira migrator and add a configuration
3. Add the url and token
4. Click "Test configuration"
### What is the buggy behavior?
* Due to ssrf protection, the access to the ip is blocked and the following error is displayed: "Connection error: Failed to connect to Jira server: Hostname 'xxx.com' has no public ip addresses"
### What is the expected behavior?
1. It
1. Please see `modules/webhooks/app/services/webhooks/outgoing/request_webhook_service.rb` : it catches `SsrfFilter::PrivateIPAddress` and
2. Documentation for SSRF protection exists and is **linked** in the test connection functionality and the Jira migrator documentation
<img class="image_resized op-uc-image op-uc-image_inline" style="width:491px;" src="/api/v3/attachments/921139/content">
### Environment information
**OpenProject installation type**
* Docker-compose installation
**OpenProject version**
17.4.0