Hi,
when checking for extension updates in xwiki administration, the extension
updater lists some errors.
After some investigation, I've found that xwiki is trying to call some REST
api pointing to url like this:
https://store.xwiki.com/xwiki/rest/repository/extensions/[URL_ENDING_PART]
where the [URL_ENDING_PART] was one of the following examples found in the
log:
- com.google.code.findbugs%3Aannotations/versions/api
-
org.xwiki.platform%3Axwiki-platform-blog-ui/versions?requireTotalHits=true&start=0&number=-1
-
org.xwiki.contrib.ldap%3Aldap-authenticator/versions?requireTotalHits=true&start=0&number=-1
The reason for the above listed https calls is due to our proxy that is
inspecting every outgoing communication and has denied the requests to
store.xwiki.com. The proxy uses CISCO list of untrusted web sites which
says this:
Reason: BLOCK-MALWARE
Threat Type: othermalware
Threat Reason: Domain reported and verified as serving malware. Identified
as malicious IP. Identified as malicious domain or URL.
Notification: WBRS
Can be this domain trusted or not? Is it a false threat or not?
Is it legal when xwiki calls the API at
https://store.xwiki.com?
Thank you