Getting "Blocked mirror for repositories" maven error even after adding mirrors

Question

In my past project I had a problem with dependencies starting with http, just like this one Maven Build Failure -- DependencyResolutionException . Solution was to add mirrors for the project worked fine. Though now on another project I use the same dependencies, have the same setup and I am still getting the error. Any thoughts?

score 89 · Accepted Answer · edited Jun 29 '23 at 21:12

Maven now disables all insecure http://* mirrors by default. Here is explanation from maven mainteners: http://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291

More and more repositories use HTTPS nowadays, but this hasn’t always been the case. This means that Maven Central contains POMs with custom repositories that refer to a URL over HTTP. This makes downloads via such repository a target for a MITM attack. At the same time, developers are probably not aware that for some downloads an insecure URL is being used. Because uploaded POMs to Maven Central are immutable, a change for Maven was required. To solve this, we extended the mirror configuration with parameter, and we added a new external:http:* mirror selector (like existing external:*), meaning “any external URL using HTTP”. The decision was made to block such external HTTP repositories by default: this is done by providing a mirror in the conf/settings.xml blocking insecure HTTP external URLs.

The solution (not recommended for security reasons mentioned above) may be to remove <blocked> section from mirror list in default Maven settings.xml file (/usr/share/maven/conf/settings.xml)

Update:

We can find there are 2 settings.xml in two Maven paths:

The Maven install: ${maven.home}/conf/settings.xml
A user's install: ${user.home}/.m2/settings.xml

If you do not want to edit anything in the default settings in Maven install. You can add a new mirror with the same ID to overwrite this settings. Add below inside settings > mirrors section:

<mirror>
    <id>maven-default-http-blocker</id>
    <url>http://127.0.0.1/dont-go-here</url>
    <mirrorOf>dummy</mirrorOf>
    <blocked>false</blocked>
</mirror>

Yeah I checked out that doc. Thing is that I followed the steps on another project, worked fine. Tried to do the same on another(with all the same dependencies) and I keep on getting the same error. — aratata, Jun 04 '21 at 10:22
You can try to remove section from default Maven settings.xml file. — Stanislav Kardashov, Jun 04 '21 at 10:31
For Idea users note that Idea may (and do by default) use Bundled maven and config for it located somewhere else. You may need to change "Maven home path" to "/usr/share/maven" instead of "Bundled" in Idea settings — Oleg Vazhnev, Dec 30 '21 at 14:22
Why removing `blocked` sections instead of simply putting them to: `false` ? — andreagalle, Feb 03 '22 at 10:58
tried ``false`` - doesn't help. After this it does not instantly block, but replaces url according to ``http://0.0.0.0/``, which is, surely, also does not help. — Alexo Po., May 29 '22 at 15:24

score 58 · Answer 2 · answered Jan 11 '22 at 20:45

58

Override that mirror, let it react on dummy protocol. In the local ${HOME}/.m2/settings.xml specify:

    <mirrors>
        <mirror>
            <id>maven-default-http-blocker</id>
            <mirrorOf>external:dummy:*</mirrorOf>
            <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
            <url>http://0.0.0.0/</url>
            <blocked>true</blocked>
        </mirror>
    </mirrors>

answered Jan 11 '22 at 20:45

Nick Mazurkin

731
5
7

3

this is the solution I liked the most... as I can override the config in my personal settings and I do not have to mess round with the main configuration file. – flags Mar 23 '22 at 13:32
2

With a bit more details, this should be the answer to this question. – user1452962 May 09 '22 at 18:10
1

Why does this still say true? Shouldn't it be false? – user3038723 May 13 '22 at 15:12
1

this one worked like a charm, and for me it's a better solution due to being done only over the user 's settings, instead of doing that at intellij's or shared maven settings – ArturEld Jun 17 '22 at 13:23
1

It worked like a charm though blocked should be "false". – Tech Sawy Aug 08 '22 at 07:44
this worked for me! side note, in IntelliJ the is showing up red like it doesn't know about that schema element. "true" worked for me – tom Aug 08 '22 at 16:48
2

Not sure why, but worked for me too. – cbmeeks Aug 23 '22 at 15:38
This did not work for me until I set `blocked` to `false`. OP you may want to update your answer. – Saeid Nourian Jul 31 '23 at 20:57

score 40 · Answer 3 · answered Aug 17 '21 at 11:15

40

If Stanislav Kardashov's solution doesn't help, just remove (or comment out) the whole http-blocker mirror in maven settings.xml.

Path (as pointed out in Stanislavs answer): /usr/share/maven/conf/settings.xml

    <!--
    <mirror>
      <id>maven-default-http-blocker</id>
      <mirrorOf>external:http:*</mirrorOf>
      <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
      <url>http://0.0.0.0/</url>
      <blocked>true</blocked>
    </mirror>
        -->

answered Aug 17 '21 at 11:15

Cat-Lord

630
7
12

7

This seems to be the only valid solution (apart from using an outdated Maven version) when using the bundled version inside IntelliJ. The file resides inside IntelliJ’s installation directory under `/plugins/maven/lib/maven3/conf/settings.xml`. – Koraktor Dec 23 '21 at 10:26
Commenting out the whole thing only worked out not just disabling the `` flag. – Raj Rajeshwar Singh Rathore May 29 '23 at 07:07

Strengthiness · Answer 4 · 2021-06-18T14:10:41.560

27

If I had to guess, you're running the latest Maven, which disables HTTP. Try downgrading to Maven 3.6.

[Edit] That said, Stanislav's answer is the most correct.

edited Jun 18 '21 at 14:10

answered Jun 17 '21 at 15:57

Strengthiness

561
1
5
12

best answer, thanks bro – pavel_orekhov Jan 09 '22 at 22:22

score 16 · Answer 5 · answered Aug 24 '21 at 17:48

16

Try converting the mirror from http to https if the maven repository that you are using have a secure endpoint available. This worked for me in case of confluent.

answered Aug 24 '21 at 17:48

Rishi Barve

1,133
9
12

yes, it helps to decide my problem – Николай Мишин Oct 07 '21 at 21:23

score 8 · Answer 6 · answered Jul 19 '21 at 10:28

8

C:-> Users-> your_user_name -> .m2 -> settings.xml

Adding this mirror to your settings.xml file.

<mirror>
  <id>jaspersoft-third-party-mirror</id>
  <mirrorOf>jaspersoft-third-party</mirrorOf>
  <url>http://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/</url>
  <blocked>false</blocked>
</mirror>

answered Jul 19 '21 at 10:28

Geeth

541
3
12

2

In my case I didn't modify the `settings.xml` file. I just added and S to HTTP in the URL tag, that is `https` and the rest of the Jasper URL as is and it solved my dependencies. – Metafaniel Nov 18 '21 at 05:45

score 3 · Answer 7 · answered May 11 '22 at 12:52

3

Works like a charm by commenting this block script of D:\installer\IntelliJ IDEA 2022.1\plugins\maven\lib\maven3\conf\settings.xml

<!-- <mirror>
  <id>maven-default-http-blocker</id>
  <mirrorOf>external:http:*</mirrorOf>
  <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
  <url>http://0.0.0.0/</url>
  <blocked>true</blocked>
</mirror> -->

answered May 11 '22 at 12:52

gatan

31
4

1

There are already 10+ answers with high audience points, please state more details on how your answer address the OP's question. Please review the previous answer before posting. – Kuro Neko May 17 '22 at 03:53

score 1 · Answer 8 · answered Mar 22 '22 at 16:41

Just thought I'd add what worked for me since I worked on this for over an hour and don't see my particular solution listed anywhere in this thread.

I have successfully built a certain maven project on my PC for years now, and have been training a colleague on how to build it himself on his mac. He kept getting blocked mirror errors, while I wasn't -- even though we are using the same version of maven (3.8.1) and the same exact project repository/branch.

We tried many of the suggestions in this thread (and elsewhere) but nothing was helping. I decided to see where our settings files differed. This was when I realized that he was using a local settings.xml file (located in his .m2 directory), and that I did not have that settings.xml file inside my .m2. I found that I was using the global settings.xml that had come with maven, in the conf directory under the main maven install directory (.../apache-maven-3.8.1/conf/settings.xml). I had never modified this config file. The global settings file included a mirrors section, but the local one did not.

I'm not really sure what sequence of events caused my colleague to have this user-specific settings file when I didn't -- perhaps something about the mac install vs PC.

So I had my colleague rename the .m2 settings file to settings.txt, in order to disable it and force maven to use the global one. The first try didn't work, but then when he edited the global settings.xml mirror section to have <blocked>false</blocked> instead of true: VOILA problem fixed. It built successfully on the next attempt.

score 1 · Answer 9 · answered May 20 '22 at 10:05

It is recommended to use https endpoint for your repo in setting file. In order to resolve or you can say skip default maven setting.xml . Then click on Override checkbox when you set your user setting.xml file . Eg. In IntelliJ , File —-> Settings —-> Buld, Execution,Deployment —-> Build Tools —-> Maven —-> User setting file —> click Override check box

In your user setting.xml , remove below tag if present.

Above steps will solve your problem.

score 1 · Answer 10 · answered Jul 20 '22 at 17:18

Intellij Solution here.

So if you've tried everything and it still doesn't work, go to Settings > Build , Execution, Deployment > Build Tools > Maven and change the user settings to the location of your settings.xml file. In my case the default pointed to the .m2 folder:

but the settings file was in the Maven_Home folder. I just changed it to that and the mirror blocked error went away. Remember to do this whenever you delete your .m2 and/or .idea folders.

score 1 · Answer 11 · answered Dec 30 '22 at 18:40

I already had a mirror in my settings. So I just needed to add the new selector external:http:*

Example of what worked for me:

<mirrors>
    <mirror>
        <id>example.mirror.nexus</id>
        <mirrorOf>external:http:*</mirrorOf>
        <name>My Maven Repository</name>
        <url>http://example.com/my/content/</url>
    </mirror>
</mirrors>

Getting "Blocked mirror for repositories" maven error even after adding mirrors

11 Answers11

Linked