Catching exceptions that don't reach your app

[Steve H]

Hi Roro,

Some idiot is posting junk to myapp.com/xmlrpc.php in what I can only assume is part of a generic hacking attempt.

I get: REXML::ParseException: Missing end tag for 'base64' (got "param") Line: 1 Position: 5024 Last 80 unconsumed characters:

However the stack trace doesn't show a point in my app where I can catch it as the error was thrown while parsing the XML from Rack.

Stack trace via airbrake: https://gist.github.com/3057978

Any ideas?

[Warren Seen]

I wouldn't even bother letting this get to your app if you can avoid it. If you have control over your web server (ie apache/nginx) then set up a rule that just blocks any request to xmlrpc.php?

--
You received this message because you are subscribed to the Google Groups "Ruby or Rails Oceania" group.
To view this discussion on the web visit https://groups.google.com/d/msg/rails-oceania/-/gSg1kzmxCfEJ.
To post to this group, send email to rails-...@googlegroups.com.
To unsubscribe from this group, send email to rails-oceani...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rails-oceania?hl=en.

[Malcolm Locke]

On Fri, Jul 06, 2012 at 02:07:25PM +1000, Warren Seen wrote:
> I wouldn't even bother letting this get to your app if you can avoid
> it. If you have control over your web server (ie apache/nginx) then
> set up a rule that just blocks any request to xmlrpc.php?

If you're on Apache, something like the following should do it (within
your VirtualHost block);

<Location /xmlrpc.php>
Deny from all
</Location>

This is untested, so use at your own risk etc etc.

Malc