Rails3 站点根重定向和设计 - 我可以在重定向之前捕获初始 URL 查询字符串吗?
在我的routes.rb文件中,我的根设置如下:
root :to => "portal#index"
在门户控制器中,Devise介入以验证用户身份
before_filter :authenticate_user!
并将用户重定向到/users/sign_in
一切正常...
我看到很多入侵尝试在我的具有这种类型 URL 的日志中,
example.com/?gclid=CPTKkZqfu6kCFVOFzAodLUa9-Q
我想将访问者记录到 Rails 应用程序内的网站,并且我想使用此字符串来区分真正的访问者和入侵尝试,
但我通过以下方式丢失了该查询字符串:重定向到/users/sign_in...
除了 Web 服务器日志之外,是否有任何方法可以捕获 Rails 应用程序中的初始查询字符串?
一种想法...我正在使用 Rails3,所以我在后台使用 Rack - 我可以通过 Rack 访问字符串吗?
谢谢
这是我对自己问题的回答 - StackOverflow 不会让我在 8 小时内发布答案?!?!?但我可以编辑我原来的问题...叹息
在我的application_controller中,我添加了这个方法,它存储当前的request.url和会话中的前一个,
def store_request_url_in_session
session['request_url_prev'] = session['request_url']
session['request_url'] = request.url
end
然后我调用它before我的身份验证调用
before_filter :store_request_url_in_session
before_filter :authenticate_user!
现在,它在每个操作上被调用,但它只是分配两个字符串
在我的sessions_controller(默认设计控制器的子类)中,我添加了这个过滤器
before_filter :log_http_request
,它仅在以下情况下才写入日志记录:当前的行动是'sign_in'
def log_http_request
if request.url =~ /sign_in/
logger.info("**** #{request.remote_ip} | #{session['request_url']} | #{session['request_url_prev']} ")
end
session.delete('request_url')
end
这并不优雅,但它让我得到了我现在需要的东西。因此,像这样的入侵尝试:
http://localhost:3000/?gclid=CPTKkZqfu6kCFVOFzAodLUa9-Q
被记录为
**** 127.0.0.1 | http://localhost:3000/users/sign_in | http://localhost:3000/?gclid=CPTKkZqfu6kCFVOFzAodLUa9-Q
欢迎清洁解决方案!
In my routes.rb file I have my root set like this:
root :to => "portal#index"
In the portal controller, Devise steps in to authenticate the user
before_filter :authenticate_user!
and redirects users to /users/sign_in
All that works fine...
I'm seeing a lot of intrusion attempts in my logs that have this type of url
example.com/?gclid=CPTKkZqfu6kCFVOFzAodLUa9-Q
I want to log visitors to the site WITHIN the Rails app and I want to use this string to distinguish real visitors from intrusion attempts
But I lose that query string through the redirection to /users/sign_in...
Is there any way to capture that initial query string within the Rails app, other than in the web server logs?
One thought...I am using Rails3 so I'm using Rack under the hood - might I have access to the string through Rack?
thanks
Here is my answer to my own question - StackOverflow won't let me post an answer for 8 hours ?!?!? but I can edit my original question... sigh
In my application_controller I've added this method which stores the current request.url and the previous one in the session
def store_request_url_in_session
session['request_url_prev'] = session['request_url']
session['request_url'] = request.url
end
I then call that before my authentication call
before_filter :store_request_url_in_session
before_filter :authenticate_user!
Now, that gets called on every action, but it is simply assigning two strings
In my sessions_controller (subclassed from the default devise controller) I add this filter
before_filter :log_http_request
which is what writes a log record only when the current action is 'sign_in'
def log_http_request
if request.url =~ /sign_in/
logger.info("**** #{request.remote_ip} | #{session['request_url']} | #{session['request_url_prev']} ")
end
session.delete('request_url')
end
It's not elegant but it gets me what I need right now. So an intrusion attempt like this:
http://localhost:3000/?gclid=CPTKkZqfu6kCFVOFzAodLUa9-Q
is logged as
**** 127.0.0.1 | http://localhost:3000/users/sign_in | http://localhost:3000/?gclid=CPTKkZqfu6kCFVOFzAodLUa9-Q
Cleaner solutions are welcomed!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您也许可以使用
我不太熟悉的设备在会话变量中捕获它,所以不能肯定地说。只需将其放入门户控制器的索引操作中即可。
you might be able to capture it in a session variable using
I'm no so familiar with devise so can't say for sure. Just put this in your index action in the portal controller.