Adding Comment Fails with "XSRF check failed" when Confluence is Accessed through VPN

Still need help?

The Atlassian Community is here for you.

Ask the community


When accessing Confluence through a VPN, due to the settings of some setups Confluence may detect content modifications/comment addition as a possible attack. In some cases, even if the comment Anti-XSRF mode is turned off, the following error message is still displayed when trying to Save comments to any Confluence page, when accessing Confluence through VPN:

Failed to save the comment: error: Not Found - XSRF check failed


This is a known bug that is being tracked here:  CONF-26485 - Getting issue details... STATUS


Enabling all custom headers in your VPN configuration should do the trick in most cases. 

For Juniper VPN the following steps shall be followed to get it working properly. 

Workaround for Juniper VPN

  1. Navigate to "User Roles"
    1. Create a new Role "WEB-Confluence"
    2. Do not configure anything, just create the empty role with default settings
  2. Navigate to "Resource Profiles" => "Web"
    1. Create a new Web Application Resource Profile
    2. Define Type "Custom" and Name "WEB-Confluence_RP"
    3. Define "Base URL" to the URL where you access Confluence
    4. Select "Show ALL autopolicy types"
    5. Enable "Autopolicy: Caching" and select "Smart"
    6. Save
    7. Select the Role from step 1 "WEB-Confluence"
    8. Save
    9. Define the Bookmark text and description as you like
    10. Save
  3. Navigate to "Resource Policies" => "Web" => "Custom Headers"
    1. Create a new Policy "WEB-Confluence_CH"
    2. Add the URL of Confluence, e.g. "http://confluence.example.local:8090" to Resources
    3. Select "Applies to selected Role only" and select the Role from step 1 "WEB-Confluence"


Last modified on Feb 23, 2016

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.