Details
-
Improvement
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
1.5.2, 1.6.0, 1.7.0
Description
When connecting with a browser (or other client tool) to a secured REST endpoint, the decoder throws many exceptions indicating that the received data is not an SSL record.
This massively floods the log, drowning out everything else (see below).
Proposed Solution
If a NotSslRecordException is caught, Netty should send a response HTTP 301 with a new location of https://host:port/
The response would need to bypass the SSL handler because it must come in plain text.
Fallback Solution
If the proper solution cannot work, we should reduce the log level for that particular exception to TRACE.
Sample Log Output
Log message that is written per each request (there are many per web UI page)
2018-08-06 19:07:57,734 WARN org.apache.flink.runtime.dispatcher.DispatcherRestEndpoint - Unhandled exception
org.apache.flink.shaded.netty4.io.netty.handler.codec.DecoderException: org.apache.flink.shaded.netty4.io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554
202f7061727469616c732f6f766572766965772e68746d6c20485454502f312e310d0a486f73743a206c6f63616c686f73743a383038310d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a4163636570743a
20746578742f68746d6c0d0a557365722d4167656e743a204d6f7a696c6c612f352e3020285831313b204c696e7578207838365f363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b6520
4765636b6f29204368726f6d652f34372e302e323532362e313131205361666172692f3533372e33360d0a526566657265723a20687474703a2f2f6c6f63616c686f73743a383038312f0d0a4163636570742d456e636f64
696e673a20677a69702c206465666c6174652c20736463680d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e382c64653b713d302e360d0a49662d4d6f6469666965642d53696e63653a204d
6f6e2c2030362041756720323031382031353a34343a313720474d540d0a0d0a
at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459)
at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
at org.apache.flink.shaded.netty4.io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:580)
at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:497)
at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
at org.apache.flink.shaded.netty4.io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884)
at org.apache.flink.shaded.netty4.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:745)
Attachments
Issue Links
- links to