Invalid request URL generates 500 error #14298

Closed
ZipoKing opened this Issue Mar 6, 2014 · 2 comments


@ZipoKing
ZipoKing commented Mar 6, 2014

Lately I've started seeing the following scans in the web server log:

113.203.137.89 - - [05/Mar/2014:11:13:27 +0000] "GET //..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini HTTP/1.1" 500 2042 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36" "-"
113.203.137.89 - - [05/Mar/2014:11:13:28 +0000] "GET //%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd HTTP/1.1" 500 2042 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36" "-"
113.203.137.89 - - [05/Mar/2014:11:13:28 +0000] "GET //%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini HTTP/1.1" 500 2042 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36" "-"
113.203.137.89 - - [05/Mar/2014:11:13:29 +0000] "GET //%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af/windows/win.ini HTTP/1.1" 500 2042 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36" "-"
113.203.137.89 - - [05/Mar/2014:11:13:31 +0000] "GET //..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/etc/passwd HTTP/1.1" 500 2042 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36" "-"
113.203.137.89 - - [05/Mar/2014:11:13:32 +0000] "GET //..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/windows/win.ini HTTP/1.1" 500 2042 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36" "-"
113.203.137.89 - - [05/Mar/2014:11:13:32 +0000] "GET //%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%aeetc/passwd HTTP/1.1" 500 2042 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36" "-"
113.203.137.89 - - [05/Mar/2014:11:13:32 +0000] "GET //%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%ae%c0%aewindows/win.ini HTTP/1.1" 500 2042 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36" "-"
113.203.137.89 - - [05/Mar/2014:11:13:33 +0000] "GET //%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c/etc/passwd HTTP/1.1" 500 2042 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36" "-"

and when I checked the Rails log to see what was generating this 500 error, I found the following:

ArgumentError (invalid byte sequence in UTF-8):
  activesupport (3.2.17) lib/active_support/inflector/methods.rb:79:in `gsub!'
  activesupport (3.2.17) lib/active_support/inflector/methods.rb:79:in `underscore'
  activesupport (3.2.17) lib/active_support/core_ext/string/inflections.rb:106:in `underscore'
  actionpack (3.2.17) lib/action_dispatch/routing/route_set.rb:77:in `normalize_controller!'
  actionpack (3.2.17) lib/action_dispatch/routing/route_set.rb:40:in `prepare_params!'
  actionpack (3.2.17) lib/action_dispatch/routing/route_set.rb:29:in `call'
  journey (1.0.4) lib/journey/router.rb:68:in `block in call'
  journey (1.0.4) lib/journey/router.rb:56:in `each'
  journey (1.0.4) lib/journey/router.rb:56:in `call'
  actionpack (3.2.17) lib/action_dispatch/routing/route_set.rb:608:in `call'
  newrelic_rpm (3.7.2.195) lib/new_relic/rack/error_collector.rb:55:in `call'
  newrelic_rpm (3.7.2.195) lib/new_relic/rack/agent_hooks.rb:32:in `call'
  newrelic_rpm (3.7.2.195) lib/new_relic/rack/browser_monitoring.rb:27:in `call'
  actionpack (3.2.17) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
  rack (1.4.5) lib/rack/etag.rb:23:in `call'
  rack (1.4.5) lib/rack/conditionalget.rb:25:in `call'
  actionpack (3.2.17) lib/action_dispatch/middleware/head.rb:14:in `call'
  actionpack (3.2.17) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
  actionpack (3.2.17) lib/action_dispatch/middleware/flash.rb:242:in `call'
  rack (1.4.5) lib/rack/session/abstract/id.rb:210:in `context'
  rack (1.4.5) lib/rack/session/abstract/id.rb:205:in `call'
  actionpack (3.2.17) lib/action_dispatch/middleware/cookies.rb:341:in `call'
  actionpack (3.2.17) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
  activesupport (3.2.17) lib/active_support/callbacks.rb:405:in `_run__4222815071190948051__call__1990720898570448356__callbacks'
  activesupport (3.2.17) lib/active_support/callbacks.rb:405:in `__run_callback'
  activesupport (3.2.17) lib/active_support/callbacks.rb:385:in `_run_call_callbacks'
  activesupport (3.2.17) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (3.2.17) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  rack (1.4.5) lib/rack/sendfile.rb:102:in `call'
  actionpack (3.2.17) lib/action_dispatch/middleware/remote_ip.rb:31:in `call'
  actionpack (3.2.17) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call'
  actionpack (3.2.17) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call'
  railties (3.2.17) lib/rails/rack/logger.rb:32:in `call_app'
  railties (3.2.17) lib/rails/rack/logger.rb:16:in `block in call'
  activesupport (3.2.17) lib/active_support/tagged_logging.rb:22:in `tagged'
  railties (3.2.17) lib/rails/rack/logger.rb:16:in `call'
  actionpack (3.2.17) lib/action_dispatch/middleware/request_id.rb:22:in `call'
  rack (1.4.5) lib/rack/methodoverride.rb:21:in `call'
  rack (1.4.5) lib/rack/runtime.rb:17:in `call'
  activesupport (3.2.17) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
  rack (1.4.5) lib/rack/lock.rb:15:in `call'
  rack-cache (1.2) lib/rack/cache/context.rb:136:in `forward'
  rack-cache (1.2) lib/rack/cache/context.rb:245:in `fetch'
  rack-cache (1.2) lib/rack/cache/context.rb:185:in `lookup'
  rack-cache (1.2) lib/rack/cache/context.rb:66:in `call!'
  rack-cache (1.2) lib/rack/cache/context.rb:51:in `call'
  railties (3.2.17) lib/rails/engine.rb:484:in `call'
  railties (3.2.17) lib/rails/application.rb:231:in `call'
  railties (3.2.17) lib/rails/railtie/configurable.rb:30:in `method_missing'
  /opt/ruby/lib/ruby/gems/2.0.0/gems/passenger-4.0.37/lib/phusion_passenger/rack/thread_handler_extension.rb:77:in `process_request'
  /opt/ruby/lib/ruby/gems/2.0.0/gems/passenger-4.0.37/lib/phusion_passenger/request_handler/thread_handler.rb:142:in `accept_and_process_next_request'
  /opt/ruby/lib/ruby/gems/2.0.0/gems/passenger-4.0.37/lib/phusion_passenger/request_handler/thread_handler.rb:110:in `main_loop'
  /opt/ruby/lib/ruby/gems/2.0.0/gems/passenger-4.0.37/lib/phusion_passenger/request_handler.rb:448:in `block (3 levels) in start_threads'

I think that in such a case a "400 Bad Request" should be sent.
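The scans above all share one trait: the percent-encoded path decodes to bytes that are not valid UTF-8 (`%c0%af`, `%c0%ae` and `%c1%9c` are overlong or otherwise illegal UTF-8 sequences), and the router's `underscore` call on the controller segment raises `ArgumentError` before any controller runs. The following Rack middleware, an added example that is not part of this issue or of Rails, answers 400 for such paths before the request reaches the router, and the same check is reused to flag the matching lines in an access log. It assumes `PATH_INFO` carries the raw percent-encoded path as the server received it; the constructed log lines use a documentation IP and shortened paths taken from the report.

```ruby
# Reject request paths whose percent-decoded bytes are not valid UTF-8,
# returning 400 instead of letting the Rails 3.2 router raise ArgumentError.

# Decode %XX escapes only; '+' is left alone because this is a path, not a
# form body. Works on raw bytes so nothing raises before we can validate.
def percent_decode(raw_path)
  raw_path.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# True only if both the raw path and its decoded form are valid UTF-8.
# Checking the raw form too covers servers that hand Rack an already
# decoded PATH_INFO (assumption: a legitimate path never contains a literal
# "%c0"-style sequence once decoded).
def valid_utf8_path?(raw_path)
  raw_ok     = raw_path.b.force_encoding(Encoding::UTF_8).valid_encoding?
  decoded_ok = percent_decode(raw_path).force_encoding(Encoding::UTF_8).valid_encoding?
  raw_ok && decoded_ok
end

# Rack middleware (hypothetical name): insert ahead of the router, e.g.
# config.middleware.insert_before ActionDispatch::Routing::RouteSet-equivalent
# position in your stack, so malformed paths never reach route matching.
class RejectMalformedPath
  def initialize(app)
    @app = app
  end

  def call(env)
    path = env['PATH_INFO'].to_s
    return bad_request unless valid_utf8_path?(path)
    @app.call(env)
  end

  private

  def bad_request
    body = "Bad Request\n"
    [400, { 'Content-Type' => 'text/plain', 'Content-Length' => body.bytesize.to_s }, [body]]
  end
end

# Detection side: pull the request path out of combined-format access log
# lines and report the ones the middleware would have rejected.
REQUEST_LINE = /"(?:GET|HEAD|POST|PUT|PATCH|DELETE|OPTIONS) (\S+) HTTP\/\d\.\d"/

def malformed_path_requests(log_text)
  log_text.each_line.select do |line|
    m = REQUEST_LINE.match(line)
    m && !valid_utf8_path?(m[1])
  end.map(&:strip)
end

# Constructed sample log (documentation IP, paths shortened from the report).
SAMPLE_LOG = <<~LOG
  192.0.2.10 - - [05/Mar/2014:11:13:27 +0000] "GET //..%c0%af..%c0%af..%c0%afwindows/win.ini HTTP/1.1" 500 2042 "-" "scanner" "-"
  192.0.2.10 - - [05/Mar/2014:11:13:28 +0000] "GET /posts/42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"
  192.0.2.10 - - [05/Mar/2014:11:13:31 +0000] "GET //..%c1%9c..%c1%9c/etc/passwd HTTP/1.1" 500 2042 "-" "scanner" "-"
LOG

if __FILE__ == $0
  app = RejectMalformedPath.new(->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] })
  puts app.call('PATH_INFO' => '//%c0%ae%c0%ae/etc/passwd').first   # 400
  puts app.call('PATH_INFO' => '/caf%C3%A9').first                  # 200
  malformed_path_requests(SAMPLE_LOG).each { |l| puts "flagged: #{l}" }
end
```

The middleware only decides well-formedness; it does not try to recognise traversal patterns, which keeps it free of false positives on ordinary non-ASCII paths such as `/caf%C3%A9`. Rails 3.2 applications that cannot upgrade get the 400 the issue asks for, and the log helper gives a quick way to count how often the condition is hit.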

@seanfreiburg

According to Wikipedia, it seems you would be correct:

400 Bad Request
The request cannot be fulfilled due to bad syntax.

@pixeltrix
Member

This is in fact what happens with Rails 4.0 and later.

@pixeltrix pixeltrix closed this Mar 7, 2014