Automation Rules fail to run or can't be enabled/edited due to the error 'Provided URL is not present in Jira allowlist or request from anonymous users is not enabled'
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
After an upgrade of Automation For Jira (A4J) to 9.x (or an upgrade of Jira to 9.11.x which ships with this A4J version), it might become impossible to edit or enable some automation rules due to the error Provided URL is not present in Jira allowlist or request from anonymous users is not enabled:
The affected rules will also fail to send the notification with the same error in the audit logs. This includes rules using any of the actions listed below:
Send HipChat message
Send Microsoft Teams Message
Send Slack message
Send Stride message
Send Twilio message
Send web request
This will most likely happen after upgrading Automation for Jira to v9 and above. However, the behaviour may also be seen in any version of Automation after v7.3.
Diagnosis
When checking the audit logs for the rule, you see the error message 'Provided URL is not present in Jira allowlist or request from anonymous users is not enabled.'
When checking the automation Global Configuration, the 'Check all URLs against the Jira allowlist.' option is checked.
Your endpoint is not configured in Jira's allowlist in (Settings > System > Allowlist)
Cause
As per Automation for Jira release notes, the 'Check all URLs against the Jira allowlist' option is enabled by default beginning from v9 so it will be very common to face this after updating Automation to v9 and above. As a result, if any rule was configured before the upgrade to use an action that requires a Webhook URL, such as the Send Slack Notification action, it will no longer be possible to publish or enable these rules, unless the Webhook URL was added to the Jira Global allowlist.
Solution
Solution 1 - Add the Webhook URL to the Jira allow list
Resolution steps
Log in as a Jira Administrator
Go to ⚙ > System > Allowlist
Add the URL(s) that need(s) to be whitelisted based on the type of actions used by your automation rules (more information below)
Identifying the list of URLs to be whitelisted
For the rules using the "Send Slack Message" action:
You can use the following setting in the allowlist page:
Type: Wildcard expression
Expression:https://hooks.slack.com/*
For the rules using the "Send Twilio Message" action:
You can use the following setting in the allowlist page:
Type: Wildcard expression
Expression:https://api.twilio.com/*
For the rules using the "Sent Microsoft Team Message", "Send HipChat Message", and "Send Stride Message" actions:
The URLs that needs to be whitelisted will depend on how these actions are configured in your automation rules. The most efficient way to identify which URLs are used in this action is to query the table AO_589059_RULE_SECRET in the Jira Database. This table will include all the Webhook URLs used the "message type" actions such as the MS Team action/Stride action/HipChat action as mentioned in the documentation Create and edit masked secret keys for automation rules.
You can execute the SQL query below to get the full list of URLs that need to be added to the Jira Allow Llist:
1
select * from "AO_589059_RULE_SECRET" where "VALUE" like 'http%';For the rules using the "Send web request" action:
To get the list of URLs used by this action that need to be added to the Jira Allow List, you need to run the SQL query below, and get the value the "url" parameter in each row returned by the query:
1
select "VALUE" from "AO_589059_RULE_CFG_COMPONENT" where "TYPE" = 'jira.issue.outgoing.webhook';Note about this solution
If A4J is on version 9.0.1, the Webhook URLs from rules configured while on A4J 8.x will be shown as generic name, for example slack_notification_XXXXXXXXXX_XXXXXXXXX in case of Slack Webhook URLs. This behavior is due to this bug which was fixed in A4J 9.0.2:
The fact that the Slack Webhook URLs are showing as generic key names rather than URLs does not change the steps to be followed for this solution. The actual Webhook URLs are stored in the Jira DB table AO_589059_RULE_SECRET, and adding https://hooks.slack.com/* to the Jira allowlist will fix the error.
Solution 2 - Disable the A4J allowlist setting
Resolution steps:
Log in as a Jira Administrator
Go to ⚙ > System > Automation Rules
Go to ... > Global configuration
Untick the option Check all URLs against the Jira allowlist and save the change
Was this helpful?