Getting "Blocked mirror for repositories" maven error even after adding mirrors

Question

In my past project I had a problem with dependencies starting with http, just like this one Maven Build Failure -- DependencyResolutionException . Solution was to add mirrors for the project worked fine. Though now on another project I use the same dependencies, have the same setup and I am still getting the error. Any thoughts?

Answer 1

Maven now disables all insecure http://* mirrors by default. Here is explanation from maven mainteners: http://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291

More and more repositories use HTTPS nowadays, but this hasn’t always been the case. This means that Maven Central contains POMs with custom repositories that refer to a URL over HTTP. This makes downloads via such repository a target for a MITM attack. At the same time, developers are probably not aware that for some downloads an insecure URL is being used. Because uploaded POMs to Maven Central are immutable, a change for Maven was required. To solve this, we extended the mirror configuration with parameter, and we added a new external:http:* mirror selector (like existing external:*), meaning “any external URL using HTTP”. The decision was made to block such external HTTP repositories by default: this is done by providing a mirror in the conf/settings.xml blocking insecure HTTP external URLs.

The solution (not recommended for security reasons mentioned above) may be to remove <blocked> section from mirror list in default Maven settings.xml file (/usr/share/maven/conf/settings.xml)

Answer 2

If Stanislav Kardashov's solution doesn't help, just remove (or comment out) the whole http-blocker mirror in maven settings.xml.

Path (as pointed out in Stanislavs answer): /usr/share/maven/conf/settings.xml

    <!--
    <mirror>
      <id>maven-default-http-blocker</id>
      <mirrorOf>external:http:*</mirrorOf>
      <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
      <url>http://0.0.0.0/</url>
      <blocked>true</blocked>
    </mirror>
        -->

Answer 3

If I had to guess, you're running the latest Maven, which disables HTTP. Try downgrading to Maven 3.6.

[Edit] That said, Stanislav's answer is the most correct.

Answer 4

Override that mirror, let it react on dummy protocol. In the local ${HOME}/.m2/settings.xml specify:

    <mirrors>
        <mirror>
            <id>maven-default-http-blocker</id>
            <mirrorOf>external:dummy:*</mirrorOf>
            <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
            <url>http://0.0.0.0/</url>
            <blocked>true</blocked>
        </mirror>
    </mirrors>

Answer 5

Try converting the mirror from http to https if the maven repository that you are using have a secure endpoint available. This worked for me in case of confluent.

Answer 6

C:-> Users-> your_user_name -> .m2 -> settings.xml

Adding this mirror to your settings.xml file.

<mirror>
  <id>jaspersoft-third-party-mirror</id>
  <mirrorOf>jaspersoft-third-party</mirrorOf>
  <url>http://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/</url>
  <blocked>false</blocked>
</mirror>

Answer 7

When Maven is installed via homebrew on latest MacOS, the settings.xml file can be found here:

/opt/homebrew/Cellar/maven/3.8.4/libexec/conf/settings.xml

Answer 8

If you install maven on Mac by homebrew, the file is /usr/local/Cellar/maven//libexec/conf

Answer 9

If you're using NetBeans, know that it ships with Maven built-in. Look for settings.xml inside your \NetBeans\java\maven\conf\.

Answer 10

Just thought I'd add what worked for me since I worked on this for over an hour and don't see my particular solution listed anywhere in this thread.

I have successfully built a certain maven project on my PC for years now, and have been training a colleague on how to build it himself on his mac. He kept getting blocked mirror errors, while I wasn't -- even though we are using the same version of maven (3.8.1) and the same exact project repository/branch.

We tried many of the suggestions in this thread (and elsewhere) but nothing was helping. I decided to see where our settings files differed. This was when I realized that he was using a local settings.xml file (located in his .m2 directory), and that I did not have that settings.xml file inside my .m2. I found that I was using the global settings.xml that had come with maven, in the conf directory under the main maven install directory (.../apache-maven-3.8.1/conf/settings.xml). I had never modified this config file. The global settings file included a mirrors section, but the local one did not.

I'm not really sure what sequence of events caused my colleague to have this user-specific settings file when I didn't -- perhaps something about the mac install vs PC.

So I had my colleague rename the .m2 settings file to settings.txt, in order to disable it and force maven to use the global one. The first try didn't work, but then when he edited the global settings.xml mirror section to have <blocked>false</blocked> instead of true: VOILA problem fixed. It built successfully on the next attempt.

Answer 11

Works like a charm by commenting this block script of D:\installer\IntelliJ IDEA 2022.1\plugins\maven\lib\maven3\conf\settings.xml

<!-- <mirror>
  <id>maven-default-http-blocker</id>
  <mirrorOf>external:http:*</mirrorOf>
  <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
  <url>http://0.0.0.0/</url>
  <blocked>true</blocked>
</mirror> -->

Answer 12

It is recommended to use https endpoint for your repo in setting file. In order to resolve or you can say skip default maven setting.xml . Then click on Override checkbox when you set your user setting.xml file . Eg. In IntelliJ , File —-> Settings —-> Buld, Execution,Deployment —-> Build Tools —-> Maven —-> User setting file —> click Override check box

In your user setting.xml , remove below tag if present.

Above steps will solve your problem.