Handling InvalidAuthenticityToken from bots

I’m using exception_notifier to get an email when a 500 error occurs
in production. Lately I’m seeing a lot of nonsensical POSTs show up
that cause an InvalidAuthenticityToken error. All the fields contain
random characters. (For instance, “search_title”=>“BHQWTZpjGeb”)

Is there a way to detect them and not send the email, while still
sending the email in all other cases? I don’t want to get used to
these emails and miss one that is an actual bug in production.

How about grabbing “HTTP_USER_AGENT” from the request?

Hi Paul,

On Thu, Feb 17, 2011 at 9:01 AM, paul [email protected] wrote:

> I’m using exception_notifier to get an email when a 500 error occurs
> in production. Lately I’m seeing a lot of nonsensical POSTs show up
> that cause an InvalidAuthenticityToken error. All the fields contain
> random characters. (For instance, “search_title”=>“BHQWTZpjGeb”)
>
> Is there a way to detect them and not send the email, while still
> sending the email in all other cases? I don’t want to get used to
> these emails and miss one that is an actual bug in production.

I’m not sure what the interplay with the exception_notifier would be
but a rescue_from before filter will let you specifically handle the
InvalidAuthenticityToken exceptions.

HTH,
Bill

Actually, I already have rescue_action_in_public. That’s how
exception_notifier sends the email.

But I just did a search and see a disturbing discussion:
https://rails.lighthouseapp.com/projects/8994/tickets/5444-rescue_action_in_public-no-longer-works

Anyway, it seems like rescue_action_in_public does work for me, so I’m
not sure I understand that, but in any case, the error message I get
from the bot reports the HTTP_USER_AGENT as “Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; SV1)”, so that isn’t a good indicator. I
haven’t seen anything in the error message that I can use to filter
on.
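The approach Bill suggests, handling InvalidAuthenticityToken yourself before it reaches whatever sends the email, written here as plain Rack middleware so it runs without Rails; this is an added example, not code from the thread or from exception_notifier. The stand-in exception class, the sample app, the logger and the rejection counter are constructed for the example; in a real app the same rescue body would go in a controller rescue_from, or the middleware would be mounted inside the notifier layer so the exception is caught first.

```ruby
# Added example: swallow InvalidAuthenticityToken locally (no notification
# email), but keep a log line and a counter so that a sudden rise in rejected
# requests from real users is still visible instead of silently dropped.
require 'logger'

# Stand-in for the Rails exception class so this file runs outside Rails.
module ActionController
  class InvalidAuthenticityToken < StandardError; end
end unless defined?(ActionController::InvalidAuthenticityToken)

class CsrfNoiseFilter
  attr_reader :rejected

  def initialize(app, logger = Logger.new($stdout))
    @app, @logger, @rejected = app, logger, 0
  end

  def call(env)
    @app.call(env)
  rescue ActionController::InvalidAuthenticityToken
    @rejected += 1
    # One audit line per rejection instead of a full exception email.
    @logger.warn(format('CSRF token rejected: ip=%s ua=%s path=%s',
                        env['REMOTE_ADDR'], env['HTTP_USER_AGENT'],
                        env['PATH_INFO']))
    [422, { 'Content-Type' => 'text/plain' }, ['Unprocessable Entity']]
  end
end

# Constructed sample app: a POST without a token raises, anything else is 200.
SAMPLE_APP = lambda do |env|
  if env['REQUEST_METHOD'] == 'POST' && env['HTTP_X_CSRF_TOKEN'].nil?
    raise ActionController::InvalidAuthenticityToken
  end
  [200, { 'Content-Type' => 'text/plain' }, ['ok']]
end

# Returns [status for bot POST, status for legitimate POST, rejection count].
def run_sample
  filter = CsrfNoiseFilter.new(SAMPLE_APP, Logger.new(nil))
  bot = { 'REQUEST_METHOD' => 'POST', 'PATH_INFO' => '/search',
          'REMOTE_ADDR' => '203.0.113.7',
          'HTTP_USER_AGENT' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)' }
  user = bot.merge('HTTP_X_CSRF_TOKEN' => 'constructed-valid-token')
  [filter.call(bot).first, filter.call(user).first, filter.rejected]
end
```

Any other exception still propagates out of the middleware, so the notifier keeps emailing for genuine bugs.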