There is the possibility to allow anonymous access for special url patterns. This may be needed for integration (application links) with other tools like confluence or bamboo.
To configure the whitelist go to Administration > Add-ons > Prevent anonymous access. The easiest way would be to check the Rejected requests and automatically create a whitelist entry from them.
Of course it is also possible to define the whitelist entry completely manually via the text field on the Whitelist page. All existing entries are also listed there.
There is a default whitelist containing the log-in and forgot password screens. Application Links and public SOAP/REST interfaces are also included in this default list.