Unable to communicate with server. Saving is not possible at this moment.

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Users outside the corporate firewall are unable to save their work in Confluence and see "Unable to communicate with server. Saving is not possible at this moment." when attempting to publish a page containing a macro or any rich content (aside from just text).

The following appears in the atlassian-confluence.log:

ERROR [http-nio-8090-exec-256] [[Standalone].[localhost].[/].[file-server]] log Servlet.service() for servlet file-server threw exception
 -- referer: https://confluence.example.com/pages/createpage.action | url: /s/936181e7ea7af7533c2ce521eb0f0caf-CDN/en_GB/7202/e97769bbf919c0bd667762fc102f557beacb7f94/5e5370e4c43382b9f73b6ee2ab755b11/_/download/contextbatch/css/editor,atl.general,macro-browser,page,main,-_super/batch.css | traceId: 392f7777c0368bdc | userName: someuser
java.lang.RuntimeException: org.apache.catalina.connector.ClientAbortException: java.io.IOException: Connection reset by peer
	at com.atlassian.plugin.cache.filecache.impl.StreamsCache.streamFromFile(StreamsCache.java:140)
	at com.atlassian.plugin.cache.filecache.impl.OneStreamCache.stream(OneStreamCache.java:65)
	at com.atlassian.plugin.cache.filecache.impl.FileCacheImpl.cache(FileCacheImpl.java:100)
	at com.atlassian.plugin.webresource.impl.http.Controller.sendCachedInProduction(Controller.java:355)
	at com.atlassian.plugin.webresource.impl.http.Controller.sendCached(Controller.java:305)
	at com.atlassian.plugin.webresource.impl.http.Controller.serveResources(Controller.java:234)
	at com.atlassian.plugin.webresource.impl.http.Controller.serveBatch(Controller.java:111)
	at com.atlassian.plugin.webresource.impl.http.Router$5.apply(Router.java:92)
	at com.atlassian.plugin.webresource.impl.http.Router$5.apply(Router.java:83)
	at com.atlassian.plugin.webresource.impl.support.http.BaseRouter.callHandler(BaseRouter.java:197)
	at com.atlassian.plugin.webresource.impl.support.http.BaseRouter.dispatch(BaseRouter.java:163)
	at com.atlassian.plugin.webresource.servlet.PluginResourceDownload.serveFile(PluginResourceDownload.java:65)
	at com.atlassian.plugin.servlet.AbstractFileServerServlet.doGet(AbstractFileServerServlet.java:28)
	...
Caused by: java.io.IOException: Connection reset by peer

Diagnosis

Environment

  • Confluence 6.x
  • Collaborative Editing is disabled

Diagnostic Steps

  • Open Developer Tools in Chrome and reproduce the issue
    • Look for the following text in the Console output: 

      /rest/api/content?status=draft:1 Failed to load resource: net::ERR_CONNECTION_RESET
      /rest/tinymce/1/drafts:1 Failed to load resource: net::ERR_CONNECTION_RESET
  • The pattern is consistent outside the firewall (i.e. accessing Confluence on the public internet):
    • If you try to save a page with just text, the page will save with no problems.
    • If you try to save a page with any rich content (for example, macro>Children Display OR a LucidCharts image), them the save fails.
  • Inside the firewall (i.e. on the corporate network), the issue cannot be reproduced.
  • Confirm that you are not experiencing this bug:  CONFSERVER-52504 - Getting issue details... STATUS  
    • To confirm the issue in this article, there should not be any of the same logs found in this bug present
  • If Nginx sits between Confluence and the firewall, look for entries like this, indicating a malformed request (400 error, 0 bytes) was received from the client: 

    10.10.32.194, 10.10.66.12 - - [20/Sep/2018:21:08:55 +0000] "POST /rest/tinymce/1/drafts HTTP/1.1" 400 0 "https://confluence.example.com/pages/editpage.action?pageId=123456789" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"

Cause

Certain POST's containing a URL may cause a WAF (Web Application Firewall) to assume the POST is an XSS attack (false-positive) and thus flag & block it. Here' an example POST for the info macro:

Post data: draftId=0&pageId=123456789&type=page&title=Test Page&spaceKey=TEST&content=<div class=“contentLayout2”><div class=“columnLayout two-equal” data-layout=“two-equal”><div class=“cell normal” data-type=“normal”><div class=“innerCell” contenteditable=“true”><p>Simple text in this panel.</p></div></div><div class=“cell normal” data-type=“normal”><div class=“innerCell” contenteditable=“true”><table class=“wysiwyg-macro” style=“background-image: url(’https://confluence.example.com/plugins/servlet/confluence/placeholder/macro-heading?definition=e2luZm99&amp;locale=en_GB&amp;version=2'); background-repeat: no-repeat;” data-macro-name=“info” data-macro-schema-version=“1” data-macro-body-type=“RICH_TEXT”><tbody><tr><td class=“wysiwyg-macro-body”><p><br /></p></td></tr></tbody></table></div></div></div></div>&pageVersion=1


This causes the Confluence Editor to fail to publish the page, as the content added by the user in their browser never makes it to the Confluence server. It is blocked by the WAF and thus a 400 malformed request is sent to either the reverse proxy hosting Confluence, or tomcat.

Resolution

Review and update the WAF rules accordingly to allow legitimate traffic through for the above endpoint. The goal is not to allow any XSS attacks through, but instead to allow legitimate application data to be passed from the users' browser to Confluence. 


Last modified on Sep 25, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.