Search Bar redirects users to login page
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Performing searches in the search bar redirects the user to the login page.
Environment
Confluence Server and Data Center
Reverse Proxy or Load Balancer
Diagnosis
In the HAR, we find Amazon Load Balancer (ALB) in use:
Request on 2022-06-10T14:31:31.904Z
General:
Request URL: https://confluence.com/rest/experimental/search?cql=type=space%20and%20space.type=desc&expand=space.icon&limit=100&_=mars668
HTTP Version: http/2.0
Request method: GET
Remote Address: 127.0.0.1
sec-ch-ua " Not A;Brand";v="99", "Chromium";v="102", "Microsoft Edge";v="102"
AWSALB=xxxxxxxx;
AWSALBCORS=xxxxxxxxxxxx
| Endpoint | Description |
|---|---|
| /rest/api/search | Search content |
| /rest/api/content/search | Search content by CQL |
| /rest/experimental/search | A search function that is not fully released or documented; used by some internal features. Class ExperimentalSearchResource |
Cause
Confluence typically runs behind firewalls. However, some firewall rules are known to cause issues in Confluence; in this case the rules come from AWS WAF.
Most of the detected rules are related to SQL injections (or command injections). For an in-depth explanation of security practices used by Confluence, we recommend our Confluence Security Overview and Advisories guide. Quoting the information for SQL injections from that article:
SQL Injection
Confluence interacts with the database through the Hibernate Object-Relational mapper. Database queries are generated using standard APIs for parameter replacement rather than string concatenation. As such, Confluence is highly resistant to SQL injection attacks.
However, we run into cases where CQL is detected as SQL injection; these are most likely false positives. When the WAF blocks the search request, the search redirects the user to the login page.
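To confirm the symptom from a HAR capture, the following added script (not part of this article or of Confluence) lists search requests to the endpoints in the table above that ended in a redirect to a login page, decodes the CQL that was sent, and notes whether AWS ALB cookies were present. The HAR content, the hostname and the /login.action redirect target are constructed assumptions.

```python
"""Scan a HAR capture for Confluence search requests that were redirected to login."""
import json
from urllib.parse import urlparse, parse_qs

SEARCH_ENDPOINTS = ("/rest/api/search", "/rest/api/content/search", "/rest/experimental/search")

# Constructed sample HAR (not from the article): one search redirected, one served normally.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET",
                 "url": "https://confluence.example/rest/experimental/search"
                        "?cql=type%3Dspace%20and%20space.type%3Ddesc&limit=100",
                 "cookies": [{"name": "AWSALB", "value": "x"}, {"name": "AWSALBCORS", "value": "y"}]},
     "response": {"status": 302,
                  "headers": [{"name": "Location", "value": "https://confluence.example/login.action"}]}},
    {"request": {"method": "GET",
                 "url": "https://confluence.example/rest/api/content/search?cql=title~%22report%22",
                 "cookies": []},
     "response": {"status": 200,
                  "headers": [{"name": "Content-Type", "value": "application/json"}]}},
]}})


def _header(resp, name):
    """Return a response header value (case-insensitive), or '' if absent."""
    return next((h["value"] for h in resp.get("headers", []) if h["name"].lower() == name.lower()), "")


def find_blocked_searches(har_text):
    """Return one record per search request whose response redirected to a login page."""
    hits = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        parsed = urlparse(req["url"])
        if not any(parsed.path.startswith(p) for p in SEARCH_ENDPOINTS):
            continue
        location = _header(resp, "Location")
        if resp["status"] in (301, 302, 303, 307) and "login" in location.lower():
            cql = parse_qs(parsed.query).get("cql", [""])[0]  # decoded CQL the WAF inspected
            cookies = {c["name"] for c in req.get("cookies", [])}
            hits.append({"endpoint": parsed.path, "cql": cql, "status": resp["status"],
                         "behind_alb": bool({"AWSALB", "AWSALBCORS"} & cookies)})
    return hits


if __name__ == "__main__":
    for hit in find_blocked_searches(SAMPLE_HAR):
        print(hit)
```

Run it against a real HAR by passing the file contents to find_blocked_searches; the decoded cql values are what to hand to the security team when reviewing the WAF rule match.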
Solution
Work with your security team to determine whether the REST request is a false positive. No modification can be made at the application level to avoid the rule match, so if the traffic is legitimate, allow it through the WAF.
Please review the following article for further security best practices on Confluence: Best Practices for Configuring Confluence Security.