wiremock / wiremock

A tool for mocking HTTP services
https://wiremock.org/
Apache License 2.0

Error when proxying to a host that is only accessible via IPv6 #2736

Closed egerix closed 3 months ago

egerix commented 4 months ago

Proposal

Receiving an error when proxying to a host that is only accessible via IPv6: "Network failure trying to make a proxied request from WireMock to ..... failed: Network is unreachable (connect failed)".

I'm running WireMock in standalone mode without specifying either --allow-proxy-targets or --deny-proxy-targets. I set up a mapping with proxying to a host, the DNS records of which contain both IPv4 and IPv6 addresses. However, due to network security settings, the IPv4 address is unreachable and only IPv6 is available, which is a common scenario.

The issue occurs following the changes in https://github.com/wiremock/wiremock/pull/2475, where WireMock forcibly filters out all IPv6 records.

Proposed solution: If no proxy rule (security rule) is set, dns.resolve should not be filtered and should return the records as they are.

Reproduction steps

  1. Start WireMock without specifying security rules for the proxy.
  2. Make the DNS record for that name return both IPv4 and IPv6 addresses. The IPv4 address should be unavailable (you may try to turn off IPv4 in network settings).
  3. Configure a proxy stub to that domain name.
  4. Observe that requests through the proxy stub result in an error.

References

No response
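
The behaviour proposed in the issue above, sketched as an added example (it is not WireMock's code and not the change in the linked pull requests): resolved addresses pass through untouched when no rule is configured, and when rules exist they are applied to IPv4 and IPv6 records alike, so an IPv6 record is neither dropped wholesale nor exempt from a deny rule. The class name, the CIDR rule format and the sample addresses are assumptions made for illustration; it uses only the JDK.

```java
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;
import java.util.stream.Collectors;

// Hypothetical sketch, not WireMock code: filter a DNS answer by CIDR rules.
public class RuleAwareAddressFilter {
    private final List<String> allow; // CIDR blocks (assumed rule format), e.g. "2001:db8::/32"
    private final List<String> deny;

    public RuleAwareAddressFilter(List<String> allow, List<String> deny) {
        this.allow = allow;
        this.deny = deny;
    }

    // True when addr lies inside the CIDR block; an IPv4 rule never matches IPv6 and vice versa.
    static boolean inCidr(InetAddress addr, String cidr) {
        try {
            String[] parts = cidr.split("/");
            byte[] net = InetAddress.getByName(parts[0]).getAddress(); // IP literal, no DNS lookup
            byte[] ip = addr.getAddress();
            if (net.length != ip.length) return false;
            int shift = net.length * 8 - Integer.parseInt(parts[1]);
            // Compare only the network prefix of both addresses.
            return new BigInteger(1, ip).shiftRight(shift)
                .equals(new BigInteger(1, net).shiftRight(shift));
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException("bad CIDR: " + cidr, e);
        }
    }

    public List<InetAddress> filter(List<InetAddress> resolved) {
        // No rules configured: return the DNS answer as is, IPv6 records included.
        if (allow.isEmpty() && deny.isEmpty()) return resolved;
        return resolved.stream()
            .filter(a -> allow.isEmpty() || allow.stream().anyMatch(c -> inCidr(a, c)))
            .filter(a -> deny.stream().noneMatch(c -> inCidr(a, c)))
            .collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception {
        // Constructed DNS answer using documentation ranges (RFC 5737 and RFC 3849).
        List<InetAddress> answer = List.of(
            InetAddress.getByName("192.0.2.10"), InetAddress.getByName("2001:db8::10"));
        // No rules: both records survive, so an IPv6-only route still works.
        System.out.println(new RuleAwareAddressFilter(List.of(), List.of()).filter(answer));
        // Deny rule covering the IPv6 record: it is removed, the IPv4 record stays.
        System.out.println(new RuleAwareAddressFilter(List.of(), List.of("2001:db8::/32")).filter(answer));
        // Allow rule for the IPv4 network only: the IPv6 record is filtered by rule, not by family.
        System.out.println(new RuleAwareAddressFilter(List.of("192.0.2.0/24"), List.of()).filter(answer));
    }
}
```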

dwnusbaum commented 3 months ago

I also ran into this. WireMock 3.2.0 is the most recent version that supports hosts that are only reachable via IPv6. In my case I am using WireMockRule in JUnit tests, and like the reporter I am not trying to filter network addresses.

When using WireMock as a Java library, there is a workaround, but it is somewhat verbose (maybe there is a simpler way that I missed). You can implement your own com.github.tomakehurst.wiremock.http.client.HttpClientFactory, copy/pasting most of com.github.tomakehurst.wiremock.http.HttpClientFactory for your implementation, wrapping the result as in ApacheHttpClientFactory, changing only these two lines as needed for your use case (e.g. just using SystemDefaultDnsResolver.INSTANCE directly if you don't care about filtering addresses): https://github.com/wiremock/wiremock/blob/6b0b5cc3b71ad50eefb1c7d1cdd0865b2c3f0047/src/main/java/com/github/tomakehurst/wiremock/http/HttpClientFactory.java#L72-L73

The approach in https://github.com/wiremock/wiremock/pull/2737 would fix my case as well. If maintainers would prefer some kind of alternate approach, such as new configuration options to allow IPv6-specific filtering or something like that, I would be happy to help implement it.