Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to silence ActionController::UnknownHttpMethod errors?

Tags:

http

nginx

ruby-on-rails

On my Rails production website I sometimes get a dozen or so errors along the lines of:

An ActionController::UnknownHttpMethod occurred in #:

TRACK, accepted HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, SEARCH, MKCALENDAR, and PATCH

I guess this is when bots hit my site with HTTP methods that Rails can't handle (in my case it's mostly OPENVAS, TRACK, DEBUG, TRACK, and INDEX but also weird methods like WMIXLVXM).

Is there a way to silence these messages in any way? I am still unsure as to whether this is a Rails issue or an Nginx issue.

I am using a custom controller to render custom error pages to the user:

Rails.application.routes.draw do

  %w(404 500).each do |status|
    match status, :to => 'errors#show', :status => status, :via => :all
  end

  ...

end

class ErrorsController < ApplicationController

  def show
    status = params[:status] || 500
    @title = "Error"
    render(:status => status, :template => "errors/show.html.erb")
  end

end

But my custom controller is probably not causing the errors?

Thanks for any help.

like image 631
Tintin81 Avatar asked Apr 11 '19 19:04

Tintin81

2 Answers

Since these are requests that you are not going to handle anyway, better way is to limit https methods at nginx level, so that these will not hit rails at all:

server {
  # (your vhost for this app)

  if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS|PATCH)$ ){
    return 405;
  }
}
like image 99
Vasfed Avatar answered Oct 08 '22 16:10

Vasfed

Actually, what bothers me the most is the Exception Notifications I am getting from Rails when a bot hits my site with an unknown HTTP method. (Sometimes I get a dozen or so exception emails à la An ActionController::UnknownHttpMethod occurred in ... within a matter of seconds.)

So in my production.rb I added one extra line:

  config.middleware.use ExceptionNotification::Rack,
    :ignore_exceptions => ['ActionController::UnknownHttpMethod'] + ExceptionNotifier.ignored_exceptions, # I added this line
    :email => {
      :email_prefix => "[ERROR]",
      :sender_address => %{"Error Notification" <[email protected]>},
      :exception_recipients => %w{[email protected]}
    }

Let's see how that works out. I will post updates in a few weeks.

like image 24
Tintin81 Avatar answered Oct 08 '22 17:10

Tintin81
Sign in to Comment

Related questions

Minitest tests fail with custom HTTP headers in Rails 4.2
HTTP status code 302
ActiveRecord destroy_all
Rails Omniauth for Linkedin not working
Is there a way to alert/popup in a rails controller method without rendering any other js file
How to disable specific value in dropdown select with simple_form?
Shrine gem - how to delete uploaded images from s3
How to Run a Python Script from a Rails Application?
Rails .joins() between tables and .where() condition
Errno::ENOENT - No such file or directory @ rb_sysopen
Cannot install gems from git in dockerized rails app
Getting Rails 5 app to return JSON API format
How to generate and fill the missing data following the numerical sequence in a hash
Rails MySQL2 default wait_timeout so HUGE
Improve speed of complex postgres query in rails app
cyrillic strings Я̆ Я̄ Я̈ return length 2 instead of 1 in ruby and other programming languages
undefined method `get?' for 302:Integer
How can I `git diff` changes to rails 5.2 credentials?
When is an ActiveRecord query executed?
How to use Rails with uppercase column name?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!