Jump to content
Welcome to our new Citrix community!

Reverse proxying Atlassian Confluence & Jira, URL encoding

Kari Ruissalo

Recommended Posts

I'm facing a problem when publishing resources using ADC as reverse proxy. These problems seem to touch Atlassian products that don't seem to support URL encoding in some cases.


Also, this problem seems to occur only when I'm publishing resources externally and using UGW for authentication.


The case is that the client is supposed to do a post with whitespaces:

POST https://confluence.customer.com/rest/drawio/1.0/diagram/crud/Untitled Diagram/21659650?untitledDraftName=Untitled Diagram

... and when the post is done via ADC (/w auth), we're seeing:

POST https://confluence.customer.com/rest/drawio/1.0/diagram/crud/Untitled%20Diagram/21659650?untitledDraftName=Untitled%20Diagram

Which results to connection reset as the backend server doesn't approve the encoded URL where the whitespaces have been replaced with "%20".


Is there a way around this?


Link to comment
Share on other sites

It sounds like you are using Clientless access via the gateway.


Option 1:  You might get to use a rewrite policy to to decode the URL in the request to "fix" it on behalf of the app OR a custom clientless rewrite rule. One example here:  https://support.citrix.com/article/CTX214372 (might also be able to use the domain exclude option to prevent rewrite)  I haven't tried this, so you might need to try a couple of things to see what works.  Regular admin discussion on clientless policies:  https://docs.citrix.com/en-us/netscaler-gateway/12/storefront-integration/ng-clg-custom-clientless-access-rfweb-tsk.html


Option 2:  If you accessed the app via the vpn, then it shouldn't need to do any URL encoding and the app might work normally.


Option 3: If you don't really need the app behind the gateway, you could make try integrating AAA with the LB vserver instead and see if that avoids the URL encoding problem.


The fact the app does recognize html encoding is kind of odd and I would hope there was a way to tweak the app to expect this as most browsers will encode as well.

Just a quick google found this thread:  https://community.atlassian.com/t5/Confluence-questions/Why-confluence-link-URL-get-modified-with-25-sign/qaq-p/459280

So maybe its not that the app is breaking on space being %20, but instead it is re-encoding it again and then breaking because it is double encoded. There's one recommendation in the thread about how to tweak the apache to maybe not do this.  (Ideally, I would try to fix this app level first; but if not, tweaking the NS behavior may be next.)

(Here's one other variation referencing NS specifically:  https://community.atlassian.com/t5/Jira-questions/Apllying-reverse-proxy-through-netscaler-to-jira-tomcat/qaq-p/651359)

And one more (not necessarily your issue though:  https://discussions.citrix.com/topic/394578-cvpn-rewrite-problem/)


Hopefully, this either gives you some things that might work or someone else can give you a more concrete fix.  


Link to comment
Share on other sites

Hi Rhonda,


Actually I'm doing the Option 3 (but instead of AAA vServer I'm using GW).


There were actually problems with the pipe character ("|"), which was encoded to "%7C" but once the customer upgraded the Confluence this issue was resolved. I need to check with the customer if this is running on Windows or Linux platform. I think there might be differences there as well.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...