Forum: Ruby on Rails Raising a more approprriate error when rescuing RoutingError

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Chris K. (Guest)
on 2007-06-23 17:10
Hello,

I'd like to rescue ActionController::RoutingError and, depending on
context, raise a more appropriate error.

A slightly contrived example: I've been seeing a lot of requests for
.php files. There's no PHP on my server, and all of these requests are
script kiddie scans looking for known-exploitable scripts. So, in this
special case, I want to raise something like Ruby's built-in
SecurityError instead. This would make my logged exceptions more useful.

So I tried this:


# in application.rb
def rescue_action_in_public(e)
  case e
    when ActionController::RoutingError
      if request.path =~ /\.php$/
        raise SecurityError, "PHP request"
      else
        super
      end
    # [snip: handle more exceptions here]
    else
      super
  end
end


Unfortunately, this blows up and I get the failsafe 500:
> DISPATCHER FAILSAFE RESPONSE (has cgi) Sat Jun 23 04:51:28 -0700 2007
>   Status: 500 Internal Server Error
>   No route matches "/test.php" with {:method=>:get}
>   [snip: usual stack trace for a RoutingError]


The strange thing is, if I try this with an error other than
RoutingError, it works as expected. (For example, substituting in
ActiveRecord::RecordNotFound, and a request like /users/99999.php, with
routing to match '/users/:id.:format'.)


I suppose this might have something to do with how early a RoutingError
gets raised in the request cycle. But, I can confirm that
rescue_action_in_public is getting called (log.debug statement in there
works as expected).


Thoughts? Thanks for reading, I know that was long.


Chris K.
http://kampers.net
This topic is locked and can not be replied to.