Jira Service Management Automation page fails to render with HTTP 400 error

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Automation Page (<baseurl>/rest/servicedesk/automation/1/ruleset/blueprint/com.atlassian.servicedesk:sd-automation-transition-on-comment-blueprint/project/OS) fails to render in Jira Service Management when using Microsoft IIS. 

Diagnosis

Environment

  • Jira 7.3.7 and above (could affect other versions)
  • Reverse Proxy: Microsoft IIS 8.5

Diagnostic Steps

  1. Navigate to Jira Administration » Server » Logging and profiling
    1. Enable HTTP Access Logging
    2. Enable HTTP Dump Logging
  2. Capture a HAR file for the Service Management Automation page that is displaying incorrectly and review it for HTTP 400 errors. 



  3. Navigate back to Jira Administration » Server » Logging and profiling
    1. Disable HTTP Dump Logging
    2. Disable HTTP Access Logging
  4. Open up $Jira_HOME/log/atlassian-jira-http-dump.log
    1. Search for plugin:sd-automation and it does not appear in atlassian-jira-http-dump.log
    2. This means that IIS has not let the Browser URL request through to Jira Server

Additional Diagnostic Steps

  1. Examine the URL with the 400 error and check whether there is a colon (:) character in the URL
  2. Check the Windows Event Viewer on the IIS Server for the following A potentially dangerous Request.Path value was detected from the client error:


Event code: **** 
Event message: An unhandled exception has occurred. 
Event time: 18/09/2017 5:02:11 PM 
Event time (UTC): 18/09/2017 7:02:11 AM 
Event ID: ******* 
Event sequence: 34 
Event occurrence: 5 
Event detail code: 0 
 
Application information: 
    Application domain: ************* 
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: *************  
    Machine name: ***** 
 
Process information: 
    Process ID: **** 
    Process name: w3wp.exe 
    Account name: IIS APPPOOL\***** 
 
Exception information: 
    Exception type: HttpException 
    Exception message: A potentially dangerous Request.Path value was detected from the client (:).
   at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)


 
Request information: 
    Request URL: http://************/jira/rest/servicedesk/automation/1/ruleset/blueprint/com.atlassian.servicedesk:sd-automation-transition-on-comment-blueprint/project/OS?_=1505718131720 
    Request path: /jira/rest/servicedesk/automation/1/ruleset/blueprint/com.atlassian.servicedesk:sd-automation-transition-on-comment-blueprint/project/OS 
    User host address: ****** 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: IIS\***** 
 
Thread information: 
    Thread ID: **
    Thread account name: IIS\*****
    Is impersonating: False 
    Stack trace:    at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)


Cause

Microsoft IIS 8.5/Asp.Net 4.0+ comes with a very strict built-in request validation, part of it is the potential dangerous characters in the url which may be used in XSS attacks. Here are default invalid characters in the url:

< > * % & : \ ?

As (:) is part of the exclusion list, IIS does not allow the URL request from the Browser through to Jira Server.

Resolution

Resolution Method 1

Work with your IIS Administrator and make the following changes to the web.config file:

  1. Change the default from:

    <system.web>
        <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" />
    </system.web>

    to (i.e. remove the colon):

    <system.web>
        <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,\,?" />
    </system.web>
  2. A restart of IIS or the Windows Operating System may be required for the change to take effect

Alternative Resolution Method 2

Work with your IIS Administrator and make the following changes to the web.config file:

  1. Change the default from:

    <system.web>
        <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" />
    </system.web>

    to the .Net 2.0 validation:

    <system.web>
        <httpRuntime requestValidationMode="2.0" />
    </system.web>
  2. A restart of IIS or the Windows Operating System may be required for the change to take effect


tip/resting Created with Sketch.

If you don't have a <system.web> section in your web.config file, then you can just add it before the closing </configuration> tag, and then restart IIS (or Windows) for the changes to take effect.

Last modified on Nov 23, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.