Search Bar redirects users to login page


Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Performing searches in the search bar redirects the user to the login page. 

Environment

Confluence Server and Data Center
Reverse Proxy or Load Balancer

Diagnosis

In the HAR, the AWSALB and AWSALBCORS cookies show that an AWS Application Load Balancer (ALB) is in the request path in front of Confluence:

Example
Request on 2022-06-10T14:31:31.904Z
General:
Request URL: https://confluence.com/rest/experimental/search?cql=type=space%20and%20space.type=desc&expand=space.icon&limit=100&_=mars668
HTTP Version: http/2.0
Request method: GET
Remote Address: 127.0.0.1
Request headers:
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="102", "Microsoft Edge";v="102"
Cookies:
AWSALB=xxxxxxxx;
AWSALBCORS=xxxxxxxxxxxx

The failing request goes to one of the Confluence search REST endpoints, all of which carry the CQL query in the cql parameter of the URL:

Endpoint: /rest/api/search
Description: Search content

Endpoint: /rest/api/content/search
Description: Search content by CQL

Endpoint: /rest/experimental/search
Description: A search function that is not fully released and documented. Used by some internal features (class ExperimentalSearchResource).
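To make the HAR review repeatable, the following script is an added example (it is not Atlassian code and not part of this article). It parses a HAR export, keeps only calls to the three search endpoints listed above, extracts the CQL from the query string, notes whether AWSALB cookies are present, and classifies each response. The embedded HAR is constructed for the example; the assumption that a WAF-blocked call comes back as HTTP 403 (the AWS WAF default block response) and the /login.action redirect target are assumptions, not something the article states.

```python
"""Triage a HAR export for Confluence search REST calls that did not
get search results back.

Added example, not Atlassian code. The embedded HAR is constructed;
the 403 status for a WAF-blocked request (AWS WAF default block action)
and the /login.action redirect target are assumptions.
"""
import json
from urllib.parse import parse_qs, urlsplit

# Confluence search REST endpoints listed in the article.
SEARCH_ENDPOINTS = (
    "/rest/api/search",
    "/rest/api/content/search",
    "/rest/experimental/search",
)

# Constructed HAR (assumption): one search that succeeds, one blocked
# with 403 behind an ALB, one redirected to the login page, plus an
# unrelated REST call that the triage must ignore.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET",
                 "url": "https://confluence.com/rest/experimental/search"
                        "?cql=type=space%20and%20space.type=desc&expand=space.icon&limit=100&_=mars668",
                 "cookies": [{"name": "AWSALB", "value": "x"}, {"name": "JSESSIONID", "value": "y"}]},
     "response": {"status": 200, "headers": [], "redirectURL": ""}},
    {"request": {"method": "GET",
                 "url": "https://confluence.com/rest/api/content/search"
                        "?cql=type%3Dpage%20and%20title~%22release%20notes%22",
                 "cookies": [{"name": "AWSALB", "value": "x"}, {"name": "AWSALBCORS", "value": "x"}]},
     "response": {"status": 403, "headers": [{"name": "Server", "value": "awselb/2.0"}], "redirectURL": ""}},
    {"request": {"method": "GET",
                 "url": "https://confluence.com/rest/api/search?cql=text~%22select%22",
                 "cookies": [{"name": "JSESSIONID", "value": "y"}]},
     "response": {"status": 302,
                  "headers": [{"name": "Location",
                               "value": "https://confluence.com/login.action?os_destination=%2Frest%2Fapi%2Fsearch"}],
                  "redirectURL": "https://confluence.com/login.action?os_destination=%2Frest%2Fapi%2Fsearch"}},
    {"request": {"method": "GET",
                 "url": "https://confluence.com/rest/api/user/current",
                 "cookies": [{"name": "JSESSIONID", "value": "y"}]},
     "response": {"status": 200, "headers": [], "redirectURL": ""}},
]}})


def classify(status, location):
    """Map a response to one of: ok, blocked, login_redirect, other."""
    if status == 403:
        return "blocked"          # assumption: WAF default block action
    if 300 <= status < 400 and "/login.action" in location:
        return "login_redirect"
    if 200 <= status < 300:
        return "ok"
    return "other"


def triage(har_text):
    """Return one finding per search REST call found in the HAR."""
    entries = json.loads(har_text)["log"]["entries"]
    findings = []
    for entry in entries:
        req, resp = entry["request"], entry["response"]
        parts = urlsplit(req["url"])
        if not any(parts.path.endswith(ep) for ep in SEARCH_ENDPOINTS):
            continue
        # parse_qs splits each pair on the first '=' only, so an unencoded
        # '=' inside the CQL (as in the article's request) survives intact.
        cql = parse_qs(parts.query).get("cql", [""])[0]
        headers = {h["name"].lower(): h["value"] for h in resp.get("headers", [])}
        location = resp.get("redirectURL") or headers.get("location", "")
        findings.append({
            "endpoint": parts.path,
            "cql": cql,
            # AWSALB* cookies are the ALB's sticky-session cookies.
            "behind_alb": any(c["name"].startswith("AWSALB") for c in req.get("cookies", [])),
            "status": resp["status"],
            "verdict": classify(resp["status"], location),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HAR):
        print(f"{f['verdict']:15} {f['status']} alb={f['behind_alb']} {f['endpoint']} cql={f['cql']!r}")
```

Run it against a real export with `triage(open("confluence.har").read())`; a search call with verdict "blocked" or "login_redirect" while behind_alb is True is the pattern this article describes, and its cql value is what to hand to the security team when asking which WAF rule matched.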

Cause

Confluence typically works behind firewalls. However, some firewall rules are known to cause issues in Confluence; in this case the cause is an AWS WAF rule matching the search request.

Most of the rules that fire on this traffic are SQL injection (or command injection) rules. For an in-depth explanation of the security practices used by Confluence, we recommend our Confluence Security Overview and Advisories guide. Quoting the information on SQL injection from that article:

SQL Injection

Confluence interacts with the database through the Hibernate Object-Relational mapper. Database queries are generated using standard APIs for parameter replacement rather than string concatenation. As such, Confluence is highly resistant to SQL injection attacks. 

However, we do see cases where the CQL in a search request is detected as a SQL injection. These are most likely false positives: CQL uses operators such as "and" and "=" that generic SQL injection signatures also match. When the WAF blocks the request, the search can end up redirecting the user to the login page.

Solution

Work with your security team to identify the WAF rule that matches the search REST endpoint. The query is generated by Confluence itself and there is no application-level change that would stop a search request from being flagged, so if the rule is a false positive, allow this traffic to the search endpoints where that makes sense in your environment.

Please review the following article for further security best practices on Confluence: Best Practices for Configuring Confluence Security.



Last modified on Oct 24, 2022
