Unable to delete projects and repositories with application based firewall

Summary

Symptoms

When attempting to delete a repository or project the web page returns a timeout with the following message with no error messages related to the deletion problem:

Server Unreachable - The server didn't respond. You may retry your request when the server comes back up.

Diagnosis

The hypothesis was that something was intercepting the HTTP DELETE request that Bitbucket Server makes when attempting to delete a repository or project; the corporate proxy server might be dropping the HTTP DELETE requests.

An HTTP proxy was set up (Burp Proxy, which is a useful tool for manipulating HTTP requests) and configured to drop DELETE requests. Using Chrome's Developer Tools the same error message was experienced upon attempted delete. The Developer Tools logged that the proxy returned an HTTP 502 status code i.e. Bad Gateway.

Cause

If using an application based firewall (e.g. Palo Alto PA2020) which inspects the type of traffic (not just the active port) between various network segments, this may be the culprit. Web traffic is, generally speaking, displayed as an application type of "web-browsing". Palo Alto does provide a JIRA application type but doesn't currently have one for Bitbucket Server. When looking at the denied traffic between host and the server check to see if the traffic blocked that appears is labeled as "webdav" as opposed to "web-browsing" or any other currently allowed traffic between local workstations and the remote network segment.

Solution

Resolution

Update the firewall rule to allow "webdav" traffic between the required network segments.