Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-43143

Webhooks failing to bypass proxy when receiving URL is configured as a nonProxyHost in JVM configuration

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • 7.8.2, 7.9.0, 7.6.6, 7.7.4
    • 6.3.8, 6.4, 6.4.2, 6.4.4, 6.4.5, 6.4.8, 6.4.9, 6.4.11, 6.4.12, 6.4.13, 7.0.5, 7.1.0, 7.1.7, 7.2.1, 7.3.0, 7.2.3, 7.2.9, 7.3.6, 7.3.8, 7.7.1, 7.5.5
    • Webhooks
    • 6.03
    • 57
    • Severity 2 - Major
    • 216
    • Hide
      Atlassian Update – 22 March 2018

      Hello everyone,

      Pleased to announce that fix has been committed and now awaits a release. We are planning to release 7.8.2 and 7.9.0 versions in few weeks.
      Fix would be available for Jira 7.6.5 too, which is current Jira Enterprise release, yet the release date is unknown as of today.

      Details of the fix

      As it was mentioned - the issue was isolated in an internal component AHTTP-36.
      Upgrading the component inside the product resolves the issue. Fix has been tested Jira versions 7.6.5, 7.7.3, 7.8.2, 7.9.0.

       

      Upgrading
      While it is possible to upgrade a component out of band - Atlassian recommends upgrading to nearest bugfix release to get the fix.

       Out-of-band component upgrades may lead to support team reject support cases until Jira code and plugins is in original versions.

       Also out-of-band deployments also may have a critical impact on instance stability and performance because of JRASERVER-64908.

      In any case - I'm attaching the mentioned version of the component that contain the fix - atlassian-httpclient-plugin-1.0.1.jar, which may be upgraded if the mentioned risks are tolerable.

       

      Configuration

      Please mind that there are different proxy configuration options available for http and https (http.proxyHost, https.proxyHost). All the details are available in https://confluence.atlassian.com/jirakb/how-to-configure-an-outbound-http-and-https-proxy-for-jira-applications-247857187.html

       

      Wish you a smooth upgrades.

      Cheers,
      Ignat Alexeyenko
      Jira Bugmaster

      Show
      Atlassian Update – 22 March 2018 Hello everyone, Pleased to announce that fix has been committed and now awaits a release. We are planning to release 7.8.2 and 7.9.0 versions in few weeks. Fix would be available for Jira 7.6.5 too, which is current Jira Enterprise release, yet the release date is unknown as of today. Details of the fix As it was mentioned - the issue was isolated in an internal component AHTTP-36 . Upgrading the component inside the product resolves the issue. Fix has been tested Jira versions 7.6.5, 7.7.3, 7.8.2, 7.9.0.   Upgrading While it is possible to upgrade a component out of band - Atlassian recommends upgrading to nearest bugfix release to get the fix.  Out-of-band component upgrades may lead to support team reject support cases until Jira code and plugins is in original versions.  Also out-of-band deployments also may have a critical impact on instance stability and performance because of JRASERVER-64908 . In any case - I'm attaching the mentioned version of the component that contain the fix - atlassian-httpclient-plugin-1.0.1.jar, which may be upgraded if the mentioned risks are tolerable.   Configuration Please mind that there are different proxy configuration options available for http and https (http.proxyHost, https.proxyHost). All the details are available in https://confluence.atlassian.com/jirakb/how-to-configure-an-outbound-http-and-https-proxy-for-jira-applications-247857187.html   Wish you a smooth upgrades. Cheers, Ignat Alexeyenko Jira Bugmaster

      Steps to reproduce the problem

      1. Install a Charles Proxy
      2. Create a HTTP proxy settings via Charles - see http-proxy.png
      3. Configure the parameters below to JVM argument via $JIRA_INSTALL/bin/setenv file:
        -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8888 -Dhttp.nonProxyHosts=requestb.in
        
      4. Save it and start JIRA.
      5. Configure a webhook to http://requestb.in/ for example like this test-webhook-642.png
      6. Create a new issue to fire a webhook.
      7. The http://requestb.in URL is showing in the Charles traffic (which mean -Dhttp.nonProxyHosts is not working).

      Expected Result

      The -Dhttp.nonProxyHosts is respected and the traffic is not directed to the proxy. The Request Bin URL shouldn't be showed in the traffic if the -Dhttp.nonProxyHosts is working.

      Actual Result

      The WebHook goes through the proxy.

      From the logs :

      2016-01-19 13:25:00,973 httpclient-callbacks:thread-23 WARN anonymous     [atlassian.webhooks.plugin.PublishTaskFactoryImpl$PublishTaskImpl] Client error - 400 when posting to web hook at 'http://requestb.in/xxxxx'
      

      Additional Information

      • Tested on 6.4.2 and 6.4.3
      • The problem is not occurring in JIRA 6.3.15, thus this is a regression.

      Workaround

      See "Upgrading" section from Current status

        1. http-proxy.png
          http-proxy.png
          27 kB
        2. test-webhook.png
          test-webhook.png
          22 kB
        3. test-webhook-642.png
          test-webhook-642.png
          29 kB
        4. atlassian-httpclient-plugin-1.0.1.jar
          1.88 MB
        5. atlassian-httpclient-plugin-1.0.1.jar.md5
          0.0 kB

              ialexeyenko Ignat (Inactive)
              ckimloong John Chin
              Votes:
              131 Vote for this issue
              Watchers:
              125 Start watching this issue

                Created:
                Updated:
                Resolved: