You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Till Rohrmann (JIRA)" <ji...@apache.org> on 2018/09/10 07:51:00 UTC

[jira] [Updated] (FLINK-10075) HTTP connections to a secured REST endpoint flood the log

     [ https://issues.apache.org/jira/browse/FLINK-10075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Till Rohrmann updated FLINK-10075:
----------------------------------
    Fix Version/s: 1.5.4
                   1.7.0
                   1.6.1

> HTTP connections to a secured REST endpoint flood the log
> ---------------------------------------------------------
>
>                 Key: FLINK-10075
>                 URL: https://issues.apache.org/jira/browse/FLINK-10075
>             Project: Flink
>          Issue Type: Improvement
>          Components: REST
>    Affects Versions: 1.5.2, 1.6.0
>            Reporter: Stephan Ewen
>            Priority: Critical
>             Fix For: 1.6.1, 1.7.0, 1.5.4
>
>
> When connecting with a browser (or other client tool) to a secured REST endpoint, the decoder throws many exceptions indicating that the received data is not an SSL record.
> This massively floods the log, drowning out everything else (see below).
> h2. Proposed Solution
> If a {{NotSslRecordException}} is caught, Netty should send a response HTTP 301 with a new location of https://host:port/
> The response would need to bypass the SSL handler because it must come in plain text.
> h2. Fallback Solution
> If the proper solution cannot work, we should reduce the log level for that particular exception to *TRACE*.
> h2. Sample Log Output
> Log message that is written per each request (there are many per web UI page)
> {code}
> 2018-08-06 19:07:57,734 WARN  org.apache.flink.runtime.dispatcher.DispatcherRestEndpoint    - Unhandled exception
> org.apache.flink.shaded.netty4.io.netty.handler.codec.DecoderException: org.apache.flink.shaded.netty4.io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554
> 202f7061727469616c732f6f766572766965772e68746d6c20485454502f312e310d0a486f73743a206c6f63616c686f73743a383038310d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a4163636570743a
> 20746578742f68746d6c0d0a557365722d4167656e743a204d6f7a696c6c612f352e3020285831313b204c696e7578207838365f363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b6520
> 4765636b6f29204368726f6d652f34372e302e323532362e313131205361666172692f3533372e33360d0a526566657265723a20687474703a2f2f6c6f63616c686f73743a383038312f0d0a4163636570742d456e636f64
> 696e673a20677a69702c206465666c6174652c20736463680d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e382c64653b713d302e360d0a49662d4d6f6469666965642d53696e63653a204d
> 6f6e2c2030362041756720323031382031353a34343a313720474d540d0a0d0a
>         at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459)
>         at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
>         at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
>         at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
>         at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
>         at org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
>         at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
>         at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
>         at org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
>         at org.apache.flink.shaded.netty4.io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
>         at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
>         at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:580)
>         at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:497)
>         at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
>         at org.apache.flink.shaded.netty4.io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884)
>         at org.apache.flink.shaded.netty4.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
>         at java.lang.Thread.run(Thread.java:745)
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)