I see there is a “Force user authentication” option in the administration panel, but when I turn this off, everyone can access my SonarQube instance without authentication, which doesn’t seem very secure. If I only want users on the IP whitelist to have anonymous access and require authentication for all other users, how can I achieve this?
SonarQube will not handle this, and you’ll have to set up some service in front of SonarQube to handle blocking/accepting the traffic.
Also, your version is past EOL. You should upgrade to either the latest version or the current LTA (long-term active version) at your earliest convenience. Your upgrade path is:
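The "service in front of SonarQube" from the reply could look like the following nginx reverse proxy. This is an added example, not part of the original posts or of SonarQube itself. It assumes "Force user authentication" stays off and that SonarQube is bound to loopback on port 9000; the host name, addresses and file paths are placeholders.

```nginx
# Constructed example: host name, addresses and paths are placeholders.
# Assumes SonarQube listens only on loopback (sonar.web.host=127.0.0.1),
# so this proxy is the only network path to it.
server {
    listen 443 ssl;
    server_name sonarqube.example.internal;

    ssl_certificate     /etc/nginx/tls/sonarqube.crt;
    ssl_certificate_key /etc/nginx/tls/sonarqube.key;

    location / {
        # A request passes if EITHER the address check OR basic auth succeeds:
        # whitelisted clients get in without credentials, everyone else is
        # challenged by the proxy before reaching SonarQube.
        satisfy any;

        # IP whitelist (documentation ranges used as stand-ins).
        allow 192.0.2.0/24;
        allow 198.51.100.17;
        deny  all;

        # Credentials for clients outside the whitelist.
        auth_basic           "SonarQube";
        auth_basic_user_file /etc/nginx/sonarqube.htpasswd;

        # Do not forward the proxy's basic-auth credentials upstream, where
        # SonarQube would try to validate them as its own users. This also
        # drops SonarQube tokens sent in the Authorization header.
        proxy_set_header Authorization "";

        # Overwrite rather than append, so a client-supplied
        # X-Forwarded-For value never reaches SonarQube.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host              $host;

        proxy_pass http://127.0.0.1:9000;
    }
}
```

The `allow`/`deny` rules match the TCP peer address, so if another load balancer sits in front of nginx, the whitelist has to be enforced there or the real client address restored from a trusted source first.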