Internal Server Error when accessing the frontend; IPv6 address detection too simple? "host" variable also contains the port.

[marfrde]

Hello,

I have a problem accessing a newly migrated (from 0.3.0M7-mysql to 0.3.0M9-mysql) docker instance of hawkbit that is running as an Azure App Service.

The (db-) migration as such worked without issues (did the log say). Thanks for that. The issues starts when I want to access the frontend. I only get an internal server error

Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.

Thu Nov 16 07:51:05 GMT 2023
There was an unexpected error (type=Internal Server Error, status=500).

and the following stack trace in the log

2023-11-16T07:51:05.506463464Z: [INFO]  2023-11-16 07:51:05.506 ERROR 1 --- [nio-8080-exec-6] o.a.c.c.C.[.[.[.[vaadin4SpringServlet]   : Servlet.service() for servlet [vaadin4SpringServlet] in context with path [] threw exception
2023-11-16T07:51:05.506506964Z: [INFO]  
2023-11-16T07:51:05.506512664Z: [INFO]  java.lang.IllegalArgumentException: Malformed IPv6 address at index 8: http://[1.2.3.4:48837] // IP Changed. It was the actual public IP of the client
2023-11-16T07:51:05.506543464Z: [INFO]      at java.base/java.net.URI.create(Unknown Source)
2023-11-16T07:51:05.506547664Z: [INFO]      at org.eclipse.hawkbit.util.IpUtil.createUri(IpUtil.java:130)
2023-11-16T07:51:05.506551164Z: [INFO]      at org.eclipse.hawkbit.util.IpUtil.createHttpUri(IpUtil.java:160)
2023-11-16T07:51:05.506554564Z: [INFO]      at org.eclipse.hawkbit.util.IpUtil.getClientIpFromRequest(IpUtil.java:96)
2023-11-16T07:51:05.506558164Z: [INFO]      at org.eclipse.hawkbit.util.IpUtil.getClientIpFromRequest(IpUtil.java:79)
2023-11-16T07:51:05.506561664Z: [INFO]      at org.eclipse.hawkbit.security.DosFilter.doFilterInternal(DosFilter.java:125)
2023-11-16T07:51:05.506564764Z: [INFO]      at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
2023-11-16T07:51:05.506567964Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
2023-11-16T07:51:05.506571264Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
2023-11-16T07:51:05.519736814Z: [INFO]      at org.eclipse.hawkbit.security.DosFilter.doFilterInternal(DosFilter.java:119)
2023-11-16T07:51:05.519748614Z: [INFO]      at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
2023-11-16T07:51:05.520403316Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
2023-11-16T07:51:05.520417416Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
2023-11-16T07:51:05.520421516Z: [INFO]      at org.eclipse.hawkbit.security.DosFilter.doFilterInternal(DosFilter.java:119)
2023-11-16T07:51:05.520424716Z: [INFO]      at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
2023-11-16T07:51:05.520428016Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
2023-11-16T07:51:05.520431216Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
2023-11-16T07:51:05.520434316Z: [INFO]      at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
2023-11-16T07:51:05.520437416Z: [INFO]      at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
2023-11-16T07:51:05.520440516Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
2023-11-16T07:51:05.520445616Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
2023-11-16T07:51:05.520449116Z: [INFO]      at org.springframework.web.servlet.v3_1.OpenTelemetryHandlerMappingFilter.doFilter(OpenTelemetryHandlerMappingFilter.java:83)
2023-11-16T07:51:05.520462916Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
2023-11-16T07:51:05.520466316Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
2023-11-16T07:51:05.520469416Z: [INFO]      at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
2023-11-16T07:51:05.520472616Z: [INFO]      at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
2023-11-16T07:51:05.520475716Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
2023-11-16T07:51:05.520478816Z: [INFO]      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
2023-11-16T07:51:05.520482216Z: [INFO]      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
2023-11-16T07:51:05.520485316Z: [INFO]      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
2023-11-16T07:51:05.520488416Z: [INFO]      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
2023-11-16T07:51:05.520491516Z: [INFO]      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
2023-11-16T07:51:05.520494716Z: [INFO]      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
2023-11-16T07:51:05.520505017Z: [INFO]      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
2023-11-16T07:51:05.520508517Z: [INFO]      at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:768)
2023-11-16T07:51:05.520511517Z: [INFO]      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
2023-11-16T07:51:05.520514717Z: [INFO]      at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
2023-11-16T07:51:05.520517917Z: [INFO]      at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
2023-11-16T07:51:05.520521017Z: [INFO]      at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)
2023-11-16T07:51:05.520524117Z: [INFO]      at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
2023-11-16T07:51:05.520527217Z: [INFO]      at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
2023-11-16T07:51:05.520530317Z: [INFO]      at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
2023-11-16T07:51:05.520534217Z: [INFO]      at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
2023-11-16T07:51:05.520537617Z: [INFO]      at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
2023-11-16T07:51:05.520540917Z: [INFO]      at java.base/java.lang.Thread.run(Unknown Source)
2023-11-16T07:51:05.520544117Z: [INFO]  Caused by: java.net.URISyntaxException: Malformed IPv6 address at index 8: http://[1.2.3.4:48837]
2023-11-16T07:51:05.520547217Z: [INFO]      at java.base/java.net.URI$Parser.fail(Unknown Source)
2023-11-16T07:51:05.520550317Z: [INFO]      at java.base/java.net.URI$Parser.parseIPv6Reference(Unknown Source)
2023-11-16T07:51:05.520553417Z: [INFO]      at java.base/java.net.URI$Parser.parseServer(Unknown Source)
2023-11-16T07:51:05.520556617Z: [INFO]      at java.base/java.net.URI$Parser.parseAuthority(Unknown Source)
2023-11-16T07:51:05.520559717Z: [INFO]      at java.base/java.net.URI$Parser.parseHierarchical(Unknown Source)
2023-11-16T07:51:05.520562817Z: [INFO]      at java.base/java.net.URI$Parser.parse(Unknown Source)
2023-11-16T07:51:05.520565917Z: [INFO]      at java.base/java.net.URI.<init>(Unknown Source)
2023-11-16T07:51:05.520569317Z: [INFO]      ... 45 common frames omitted

The issue seems to be that here

1. the host parameter also contains the port. So it's an endpoint instead of only the host
2. the check if the address is an IPv6 address is pretty basic and fails to recognize that it got an endpoint instead of an IPv6 address

The error can be simulated in this online editor snippet https://www.online-java.com/hO7VMaWGzF

Is there any possibility that this is just a configuration issue or is there a way to disable the DosFilter ( I know, not recommended but would allow me to run it until there's a better solution and the issue seems to originate from there)? Or is there a different fix that a non-java-developer can use to get this up and finalize the migration?

Thank you.

[avgustinmm]

AFAIU hawkBit gets client host (e.g. from X-Forwarded-For or Host headers) and then do some resolution. It doesn't expect port in 1.2.3.4:48837 but just IP/host name. It strange how it worked out with M7. Do you have any changes that could lead to change of incoming requests? I wonder if this commit https://github.com/eclipse/hawkbit/commit/dafc08304ddbdd7741a22c8a27f7b08ddc6b4a4f could be related.

Dos filters are enabled conditionally with:

@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)

so you could disable it by setting Spring property hawkbit.server.security.dos.filter.enabled=false. I suppose you could do that by setting it as environment property for the java process.

PS: btw if you din't want to leak the ip of the client you shall remove it from the stack trace also (near the bottom) ...

[avgustinmm]

https://github.com/eclipse/hawkbit/pull/1483 shall fix your case when you have ip and port

[marfrde]

Thank you @avgustinmm for the quick response and fix.

I did search, but did not find any mention of a plan for upcoming releases. Are there any new releases planned or is 0.3.0 such a long term release as M7 has been? Or do I have to build my own image to get this fix?

[avgustinmm]

Ho @marfrde , we plan to implement Spring Boot 3 migration and UI removal (as announced at https://eclipse.dev/hawkbit/blog/2023-10-22-vaadin8_ui_discontinuation/). This release will contain significant changes. I hope it will be ready before the end of the January 2024. Not sure if there would be any intermediate release.