Closed lasseebert closed 5 years ago
I don't have an answer ready for this issue. These logs come from the parser in Ace. Because each connection is isolated, there is no harm in these logs, but in that case they should not keep spamming your logs.
In my opinion there are two options here.
My preference is for 1 because it is simpler, and it handles the case you need right now.
@CrowdHailer 1. works for me too. I have not yet looked at Ace source code, but please let me know if you would like me to take a go on it ;)
It would be great if there were more eyes on the Ace code. 👍
I'm hoping it's not too hard an issue to fix, hopefully just one extra case clause somewhere.
I think it should just send a default 501 response
The 501 (Not Implemented) status code indicates that the server does not support the functionality required to fulfill the request. This is the appropriate response when the server does not recognize the request method and is not capable of supporting it for any resource. A 501 response is cacheable by default; i.e., unless otherwise indicated by the method definition or explicit cache controls (see Section 4.2.2 of [RFC7234]).
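The behaviour discussed in this thread, as an added example that is not code from Ace or Raxx: a request-line check that answers 501 for a well-formed but unimplemented method and 400 for a malformed one, so the caller can reply and close the connection instead of logging a crash. The module name `MethodGate`, the list of implemented methods, the 400 case and the response headers are assumptions made for illustration.

```elixir
# Added example: hypothetical module, not code from Ace or Raxx.
defmodule MethodGate do
  # Assumption: the methods this server implements (not Ace's actual list).
  @implemented ~w(GET HEAD POST PUT PATCH DELETE OPTIONS)

  # Punctuation allowed in an RFC 7230 "token" besides letters and digits.
  @tchar_punct ~c"!#$%&'*+-.^_`|~"

  @doc "Classifies a request line as `{:ok, method, target}` or `{:reject, status}`."
  def classify(line) do
    case String.split(line, " ") do
      [method, target, "HTTP/1." <> _minor] ->
        cond do
          method in @implemented -> {:ok, method, target}
          # Syntactically valid method the server does not know: 501.
          token?(method) -> {:reject, 501}
          # Method contains bytes that are not token characters: 400.
          true -> {:reject, 400}
        end

      _ ->
        {:reject, 400}
    end
  end

  @doc "Minimal response for a rejected request; the caller closes the connection."
  def response(status) when status in [400, 501] do
    "HTTP/1.1 #{status} #{reason(status)}\r\nconnection: close\r\ncontent-length: 0\r\n\r\n"
  end

  defp reason(400), do: "Bad Request"
  defp reason(501), do: "Not Implemented"

  defp token?(method) do
    # Work on raw bytes so invalid UTF-8 cannot raise.
    bytes = :binary.bin_to_list(method)
    bytes != [] and Enum.all?(bytes, &tchar?/1)
  end

  defp tchar?(c) do
    c in ?0..?9 or c in ?A..?Z or c in ?a..?z or c in @tchar_punct
  end
end

# Constructed request lines using the verbs reported in this issue.
for line <- ["GET / HTTP/1.1", "PROPFIND / HTTP/1.1", "PING / HTTP/1.1", "WSPB / HTTP/1.1", "G\x00T / HTTP/1.1"] do
  IO.inspect({line, MethodGate.classify(line)})
end
```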
@lasseebert Fixed in Ace with this commit https://github.com/CrowdHailer/Ace/commit/6a456447d5562385124f56d95e1b1f6dc2367c8f
Will release 0.18.7 soon
Awesome, thanks!
I have Raxx and Ace running in production and noticed some error logs with weird HTTP verbs like PROPFIND, PING and WSPB. Someone is obviously trying to find security flaws and hoping to see certain systems like WebDAV.
How can I handle unexpected HTTP verbs? In this case I would like to just return a 404 or similar and not log an error to my log.
I can reproduce locally by starting my Ace/Raxx app and hitting it with this curl:
It will give this error log, which is similar to the one on my production deploy: