Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-24731

make the status codes to auto-block proxy repos configurable

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.14.18, 3.25.0
    • Fix Version/s: None
    • Component/s: Proxy Repository
    • Notability:
      3

      Description

      Some repos may be configured to return a 401 status code in place of a 404 status code when a remote file does not exist:

      https://developer.atlassian.com/server/framework/atlassian-sdk/atlassian-maven-repositories-2818705/

      curl -I https://packages.atlassian.com/mvn/maven-external/some/package/that/does/not/exist/maven-metadata.xml
      HTTP/1.1 401 Unauthorized
      Date: Wed, 29 Jul 2020 16:32:19 GMT
      Content-Type: application/json;charset=ISO-8859-1
      Server: globaledge-envoy
      X-Artifactory-Id: 045ce620148e539cf3916c4601f9830a547e86a7
      X-Artifactory-Node-Id: i-0c4a49204850cdac6
      Www-Authenticate: Basic realm="Artifactory Realm"
      X-Envoy-Upstream-Service-Time: 861
      Expect-Ct: report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/artifactory", max-age=86400
      X-Logging-Id: de80cf70-1d63-429c-a0f6-b8babadad1b2
      Strict-Transport-Security: max-age=63072000; preload
      X-Content-Type-Options: nosniff
      X-Xss-Protection: 1; mode=block
      Transfer-Encoding: chunked
      

      A 401 status code will automatically block a repo.

      Expected

      The latest status codes that will auto-block are defined in NEXUS-9508

      NXRM auto-blocks when:

      • 5xx responses from the server
      • 401 response
      • 407 response
      • Exceptions as currently handled.

      Provide a setting per proxy repository that can augment/redefine what status codes will auto-block a proxy repository. ie. specify that 401 will not.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title