Enhancement
Resolution: Unresolved
Major
None
1.4.25.Final
None
Hello,
I have configured Undertow (via Spring Boot) to listen to HTTPS traffic on 9480.
If users hit my app with plain HTTP requests, they'll receive something like this:
    $ curl -v http://localhost:9480
    * Rebuilt URL to: http://localhost:9480/
    * Trying ::1...
    * TCP_NODELAY set
    * Connected to localhost (::1) port 9480 (#0)
    > GET / HTTP/1.1
    > Host: localhost:9480
    > User-Agent: curl/7.54.0
    > Accept: */*
    >
    * Connection #0 to host localhost left intact
    P
(notice the weird P at the end; it's part of the "response")
At the same time, if you look at the log, Undertow did this:
    2018-08-07 18:45:13.905 TRACE 80241 --- [ XNIO-2 Accept] org.xnio.nio : Running task org.xnio.nio.QueuedNioTcpServer$2@73dac3f3
    2018-08-07 18:45:13.905 TRACE 80241 --- [ XNIO-2 Accept] org.xnio.nio.selector : Beginning select on sun.nio.ch.KQueueSelectorImpl@7922a883
    2018-08-07 18:45:13.906 DEBUG 80241 --- [ XNIO-2 I/O-2] io.undertow.request.io : Error reading request
    javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
        at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:156) ~[na:1.8.0_162]
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:868) ~[na:1.8.0_162]
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[na:1.8.0_162]
        at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:732) ~[undertow-core-1.4.25.Final.jar:1.4.25.Final]
        at io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:567) ~[undertow-core-1.4.25.Final.jar:1.4.25.Final]
        at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127) ~[xnio-api-3.3.8.Final.jar:3.3.8.Final]
        at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:158) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
        at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:136) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
        at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:147) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
        at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:93) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
        at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:52) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.3.8.Final.jar:3.3.8.Final]
        at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291) [xnio-api-3.3.8.Final.jar:3.3.8.Final]
        at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286) [xnio-api-3.3.8.Final.jar:3.3.8.Final]
        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.3.8.Final.jar:3.3.8.Final]
        at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092) [xnio-api-3.3.8.Final.jar:3.3.8.Final]
        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.3.8.Final.jar:3.3.8.Final]
        at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:129) [xnio-nio-3.3.8.Final.jar:3.3.8.Final]
        at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:582) [xnio-nio-3.3.8.Final.jar:3.3.8.Final]
        at org.xnio.nio.WorkerThread.run(WorkerThread.java:466) [xnio-nio-3.3.8.Final.jar:3.3.8.Final]
    2018-08-07 18:45:13.906 TRACE 80241 --- [ XNIO-2 I/O-2] org.xnio.safe-close : Closing resource io.undertow.server.protocol.http.HttpServerConnection@56a48ba2
Fair enough, SslConduit could not unwrap plain HTTP as SSL.
Now, to be nice to my users, is there a way I can intercept the incoming request before it goes to the SslConduit, so that if I see it's plain HTTP, I send a hardcoded HTTPResponse like 400 "Use HTTPS please"?
Thanks in advance for your answers,
Anthony
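
The check the request above asks for comes down to inspecting the first bytes of a new connection before they reach the TLS engine. The following is an added example, not Undertow code and not from the reporter: it uses only the JDK, the class and method names are hypothetical, and it assumes the server can peek at the initial bytes without consuming them; where such a hook would sit in Undertow is not shown.

```java
import java.nio.charset.StandardCharsets;

// Hypothetical helper: decides whether a new connection on a TLS port speaks TLS or plain HTTP.
public class PlainHttpOnTlsPort {
    enum Kind { TLS, PLAIN_HTTP, NEED_MORE, UNKNOWN }

    private static final String[] METHODS = {
        "GET ", "POST ", "PUT ", "HEAD ", "DELETE ", "OPTIONS ", "PATCH ", "TRACE ", "CONNECT "
    };

    // Classify the first len bytes of a connection; the caller must not have consumed them.
    static Kind classify(byte[] buf, int len) {
        if (len < 3) return Kind.NEED_MORE;
        // TLS record header: content type 0x16 (handshake), then protocol version 3.x.
        if (buf[0] == 0x16 && buf[1] == 0x03 && buf[2] >= 0x00 && buf[2] <= 0x04) return Kind.TLS;
        String head = new String(buf, 0, Math.min(len, 8), StandardCharsets.US_ASCII);
        boolean prefixOfMethod = false;
        for (String m : METHODS) {
            if (head.startsWith(m)) return Kind.PLAIN_HTTP;   // complete method token seen
            if (m.startsWith(head)) prefixOfMethod = true;    // e.g. "GET" without the space yet
        }
        return prefixOfMethod ? Kind.NEED_MORE : Kind.UNKNOWN;
    }

    // Fixed cleartext reply for plain HTTP clients; the connection is closed afterwards.
    static byte[] rejection() {
        String body = "Use HTTPS please\n";
        String resp = "HTTP/1.1 400 Bad Request\r\n"
            + "Content-Type: text/plain\r\n"
            + "Content-Length: " + body.length() + "\r\n"
            + "Connection: close\r\n\r\n" + body;
        return resp.getBytes(StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        // Constructed inputs: the curl request from the report, a TLS record prefix, a short read.
        byte[] http = "GET / HTTP/1.1\r\nHost: localhost:9480\r\n\r\n".getBytes(StandardCharsets.US_ASCII);
        byte[] tls = {0x16, 0x03, 0x01, 0x02, 0x00, 0x01};
        byte[] partial = "GET".getBytes(StandardCharsets.US_ASCII);
        System.out.println(classify(http, http.length));
        System.out.println(classify(tls, tls.length));
        System.out.println(classify(partial, partial.length));
        if (classify(http, http.length) == Kind.PLAIN_HTTP) {
            System.out.print(new String(rejection(), StandardCharsets.US_ASCII));
        }
    }
}
```

Connections classified as UNKNOWN or still NEED_MORE after a short timeout are best closed without a reply, so the listener does not answer arbitrary non-TLS traffic.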