In my proudction rails app, I got all types of random attacks requesting for asp, zip and rar files. Rails rendered 404 page as expected, but my production log file is jammed with RoutingError stacktrace dump like the following.
My question is: can I block URLs with certain patterns in Apache/Passenger? Or at least can I configure Rails to just log the error itself and not to print the entire stacktrace? Thanks!
Processing ApplicationController#index (for 100.222.237.7 at 2011-03-22 10:59:54) [GET]
ActionController::RoutingError (No route matches "/include/upfile_flash.asp" with {:host=>"www.myhost.com", :method=>:get, :domain=>"myhost.com", :subdomain=>"www"}):
passenger (2.2.15) lib/phusion_passenger/rack/request_handler.rb:92:in `process_request'
passenger (2.2.15) lib/phusion_passenger/abstract_request_handler.rb:207:in `main_loop'
passenger (2.2.15) lib/phusion_passenger/railz/application_spawner.rb:441:in `start_request_handler'
passenger (2.2.15) lib/phusion_passenger/railz/application_spawner.rb:381:in `handle_spawn_application'
passenger (2.2.15) lib/phusion_passenger/utils.rb:252:in `safe_fork'
passenger (2.2.15) lib/phusion_passenger/railz/application_spawner.rb:377:in `handle_spawn_application'
passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:352:in `__send__'
passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:352:in `main_loop'
passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:196:in `start_synchronously'
passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:163:in `start'
passenger (2.2.15) lib/phusion_passenger/railz/application_spawner.rb:222:in `start'
passenger (2.2.15) lib/phusion_passenger/spawn_manager.rb:253:in `spawn_rails_application'
passenger (2.2.15) lib/phusion_passenger/abstract_server_collection.rb:126:in `lookup_or_add'
passenger (2.2.15) lib/phusion_passenger/spawn_manager.rb:247:in `spawn_rails_application'
passenger (2.2.15) lib/phusion_passenger/abstract_server_collection.rb:80:in `synchronize'
passenger (2.2.15) lib/phusion_passenger/abstract_server_collection.rb:79:in `synchronize'
passenger (2.2.15) lib/phusion_passenger/spawn_manager.rb:246:in `spawn_rails_application'
passenger (2.2.15) lib/phusion_passenger/spawn_manager.rb:145:in `spawn_application'
passenger (2.2.15) lib/phusion_passenger/spawn_manager.rb:278:in `handle_spawn_application'
passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:352:in `__send__'
passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:352:in `main_loop'
passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:196:in `start_synchronously'
Rendering /myapp/public/404.html (404 Not Found)
You could add a catch all route after all your other routes that would catch this stuff and render a controller/action of your choosing:
match '*' => 'errors#not_found'
You could even choose to only match .asp or whatever if you wanted:
match '*.:format' => 'errors#not_found', :constraints => {:format => /(asp|zip|rar)/i}
Rails 4 and 5 answer:
match '*any', to: 'not_found#anything', via: [:get, :post]
To match a wildcard parameter, it must have a name assigned to it - any
in this case.
class NotFoundController < ApplicationController
def anything
Logger.new('log/not_found.log').info(request.fullpath)
# To render nothing:
# head :not_found #Rails 5
# render nothing: true, status: :not_found # for Rails 4
#To render 404 page
render file: 'public/404.html', status: :not_found, layout: false
end
end
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.