尝试区分不良资源链接和网站外部的随机不良网址

发布于 2024-09-11 09:04:48 字数 624 浏览 4 评论 0原文

我正在努力让我的异常通知更智能一些。目前,如果我有一个错误的资源链接,例如文件链接标记中引用的错误命名的 javascript 文件,则会触发“无路由匹配”错误。如果有人只是输入一些随机网址(例如,在尝试破解该网站时),我还会收到“无路由匹配”错误。我试图区分这两种“无路由匹配”错误之间的区别,因此我可以在第一种情况下发送“某些内容损坏”电子邮件,在第二种情况下发送“有人试图破解该网站”电子邮件。

我认为我可以通过查看 request.referer 来做到这一点,并认为,如果我的其中一个页面具有指向不存在文件的链接,则引用者将是我的网站。

这适用于页面链接:即,如果我的其中一个页面有一个指向不存在的页面的链接,那么 request.referer 就会作为带有错误链接的页面出现,所以我知道这是网站内部的真正错误。但是,对于样式表、JavaScript 文件和图像等资产的链接,它会显示为 nil,就像有人从网站外部发出一些随机请求时一样。所以,我无法区分。

我在开发模式下看到了这一点,其中所有文件链接都仅指向 localhost:3000 - 在我的服务器上我使用 asset0 -> asset3 技巧让浏览器认为它正在从四个不同的服务器提取文件。我只是提一下这一点,以免事情变得更加复杂。

我如何区分?感谢您的任何建议 - 最大

I'm trying to make my exception notification a bit smarter. Currently, if i have a bad resource link such as a misnamed javascript file referred to in a file link tag, it triggers a "No route matches" error. I also get a "No route matches" error if someone just types some random url (eg when trying to hack the site). I'm trying to tell the difference between these two kinds of "no route matches" errors, so i can send a 'something broke' email in the first case and a 'someone tried to hack the site' email in the second case.

I thought that i would be able to do that by looking at request.referer, thinking that, in the case where one of my pages has a link to a non-existent file, that the referer would be my site.

This works for page links: ie, if one of my pages has a link to a page that doesn't exist, then request.referer comes through as the page with the bad link, and so i know that it's a genuine error inside the site. But, for links to assets such as stylesheets, javascript files and images, it comes through as nil, same as it does if someone makes some random request from outside the site. So, i can't tell the difference.

I'm seeing this in development mode, where all the file links just point to localhost:3000 - on my server i use the assets0 -> assets3 trick to make the browser think that it's pulling files from four different servers. I just mention this in case it makes things more complicated.

How can i tell the difference? Grateful for any advice - max

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

不可一世的女人 2024-09-18 09:04:48

嗯 - 有趣的想法!

一个(相当hacky)的选择是在routes.rb的底部有一组包罗万象的路线,用于您知道几乎正确的路线,例如(注意未测试):

"/public/javascripts/:scriptname" => :controller => "Application", :action => "broken_script_link"

这有点恶心,但是你用它捕获的任何东西都可以作为其他东西记录。

Hmm - interesting idea!

One (rather hacky) option would be to have a set of catch-alls at the bottom of routes.rb for routes that you know are almost right eg (note not tested):

"/public/javascripts/:scriptname" => :controller => "Application", :action => "broken_script_link"

it's a bit yuck, but anything you catch with that would then be loggable as something else.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文