We do get a fair amount of requests to random HTTP verbs and file types, 
but the system usually handles that just fine (throwing an unknown request 
exception would be desired behavior.)  What concerns me about this is that 
I'm seeing unexpected behavior, based on the addition of a period in the 
URL. Something is getting parsed in an unusual way somewhere in the stack...

On Tuesday, January 6, 2015 4:15:00 AM UTC-7, cntrytwist wrote:
>
> Josh,
> Do you see any quit request types along with this? I see quit requests and 
> it makes the web application complain that it doesn't know what kind of 
> request that is.
> Kent
>
> On Monday, January 5, 2015 6:28:56 PM UTC-7, Joshua Siler wrote:
>>
>> Hi,
>>
>> We're getting some weird exceptions that look like hack attempts, and I'm 
>> hoping someone can help us understand them. It looks like an intentionally 
>> malformed URL is somehow causing unexpected behavior.
>>
>> Here's what we're seeing. These URLs:
>>
>> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h.before=b,e=
>> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h.
>> https://gadgetco.hiringthing.com/admin/jobs/k(b.onLoad)&&n(a,'load',h.onLoad),null==h||'none'
>>
>> Will crash our system, and the trace doesn't include any files from our 
>> application (just framework code), trying to load a "Jobs" object that 
>> doesn't exist. 
>>
>> https://gadgetco.hiringthing.com/admin/jobs/somerandomstring
>> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h 
>>
>> will work correctly, hitting our controller and successfully redirecting the 
>> user somewhere, and 
>>
>> https://gadgetco.hiringthing.com/admin/jobs/1 
>>
>> will also work correctly, using Job.find(params[:id]) to load a job (note 
>> object is Job not Jobs).
>>
>> Something different is going on between: 
>>
>> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h. (fails)
>> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h (works correctly)
>>
>> and I don't know what. None of the related routes have any fancy regex or 
>> anything unusual. Any insight would be appreciated.
>>
>> Thanks for your help.
>> Josh
>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.