Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-24731

make the status codes to auto-block proxy repos configurable

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.14.18, 3.25.0
    • Fix Version/s: None
    • Component/s: Proxy Repository
    • Notability:
      3

      Description

      Some repos may be configured to return a 401 status code in place of a 404 status code when a remote file does not exist:

      https://developer.atlassian.com/server/framework/atlassian-sdk/atlassian-maven-repositories-2818705/

      curl -I https://packages.atlassian.com/mvn/maven-external/some/package/that/does/not/exist/maven-metadata.xml
HTTP/1.1 401 Unauthorized
Date: Wed, 29 Jul 2020 16:32:19 GMT
Content-Type: application/json;charset=ISO-8859-1
Server: globaledge-envoy
X-Artifactory-Id: 045ce620148e539cf3916c4601f9830a547e86a7
X-Artifactory-Node-Id: i-0c4a49204850cdac6
Www-Authenticate: Basic realm="Artifactory Realm"
X-Envoy-Upstream-Service-Time: 861
Expect-Ct: report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/artifactory", max-age=86400
X-Logging-Id: de80cf70-1d63-429c-a0f6-b8babadad1b2
Strict-Transport-Security: max-age=63072000; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Transfer-Encoding: chunked

      A 401 status code will automatically block a repo.

      Expected

      The latest status codes that will auto-block are defined in NEXUS-9508

      NXRM auto-blocks when:

      • 5xx responses from the server
      • 401 response
      • 407 response
      • Exceptions as currently handled.

      Provide a setting per proxy repository that can augment/redefine what status codes will auto-block a proxy repository. ie. specify that 401 will not.

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-9508 Nexus auto-blocks repositories too aggressively

          • Major - Major loss of function.
          • Closed
          relates

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-27644 Auto blocking may not work reliably for remotes which HTTP redirect or where Remote URL base path access is not allowed

          • Major - Major loss of function.
          • New

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-16539 Nexus 3 does not auto-block on 401 responses from https://maven.oracle.com

          • Major - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Rich Seddon Rich Seddon
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title