1

I noticed that when a bot is on my website looking for ways to hack it, it tries random URL.

I get the following info warning.

 ActionController::RoutingError (No route matches [GET] "/.ENV"):

Immediately following the info warning, I get a fatal critical error.

I assume a no match should not cause a fatal error, so what is going on? How do I trouble shoot this and fix the fatal error?

Logs:

2022-02-17T18:31:34.137656+00:00 app[web.1]: I, [2022-02-17T18:31:34.137492 #9]  INFO -- : [dc7133cd-ffca-4859-877a-c4b1c22549b4] Started GET "/.env" for 172.70.126.151 at 2022-02-17 18:31:34 +0000

2022-02-17T18:31:34.139166+00:00 app[web.1]: D, [2022-02-17T18:31:34.138940 #9] DEBUG -- : [dc7133cd-ffca-4859-877a-c4b1c22549b4] User excluded error: #<ActionController::RoutingError: No route matches [GET] "/.env">

2022-02-17T18:31:34.139941+00:00 app[web.1]: F, [2022-02-17T18:31:34.139886 #9] FATAL -- : [dc7133cd-ffca-4859-877a-c4b1c22549b4]   

2022-02-17T18:31:34.139953+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] ActionController::RoutingError (No route matches [GET] "/.env"):

2022-02-17T18:31:34.139954+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4]   

2022-02-17T18:31:34.139955+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] actionpack (6.0.3.7) lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call'

2022-02-17T18:31:34.139955+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] actionpack (6.0.3.7) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'

2022-02-17T18:31:34.139955+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] railties (6.0.3.7) lib/rails/rack/logger.rb:37:in `call_app'

2022-02-17T18:31:34.139956+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] railties (6.0.3.7) lib/rails/rack/logger.rb:26:in `block in call'

2022-02-17T18:31:34.139956+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] activesupport (6.0.3.7) lib/active_support/tagged_logging.rb:80:in `block in tagged'

2022-02-17T18:31:34.139957+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] activesupport (6.0.3.7) lib/active_support/tagged_logging.rb:28:in `tagged'

2022-02-17T18:31:34.139957+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] activesupport (6.0.3.7) lib/active_support/tagged_logging.rb:80:in `tagged'

2022-02-17T18:31:34.139958+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] railties (6.0.3.7) lib/rails/rack/logger.rb:26:in `call'

2022-02-17T18:31:34.139958+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] actionpack (6.0.3.7) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'

2022-02-17T18:31:34.139959+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] actionpack (6.0.3.7) lib/action_dispatch/middleware/request_id.rb:27:in `call'

2022-02-17T18:31:34.139959+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] rack (2.2.3) lib/rack/method_override.rb:24:in `call'

2022-02-17T18:31:34.139959+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] rack (2.2.3) lib/rack/runtime.rb:22:in `call'

2022-02-17T18:31:34.139960+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] activesupport (6.0.3.7) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'

2022-02-17T18:31:34.139960+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] actionpack (6.0.3.7) lib/action_dispatch/middleware/executor.rb:14:in `call'

2022-02-17T18:31:34.139961+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] actionpack (6.0.3.7) lib/action_dispatch/middleware/static.rb:126:in `call'

2022-02-17T18:31:34.139961+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] rack (2.2.3) lib/rack/sendfile.rb:110:in `call'

2022-02-17T18:31:34.139961+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] actionpack (6.0.3.7) lib/action_dispatch/middleware/ssl.rb:74:in `call'

2022-02-17T18:31:34.139968+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] actionpack (6.0.3.7) lib/action_dispatch/middleware/host_authorization.rb:76:in `call'

2022-02-17T18:31:34.139968+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] sentry-raven (3.1.2) lib/raven/integrations/rack.rb:51:in `call'

2022-02-17T18:31:34.139968+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] hirefire-resource (0.8.1) lib/hirefire/middleware.rb:38:in `call'

2022-02-17T18:31:34.139968+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] railties (6.0.3.7) lib/rails/engine.rb:527:in `call'

2022-02-17T18:31:34.139969+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] puma (4.3.9) lib/puma/configuration.rb:228:in `call'

2022-02-17T18:31:34.139969+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] puma (4.3.9) lib/puma/server.rb:718:in `handle_request'

2022-02-17T18:31:34.139969+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] puma (4.3.9) lib/puma/server.rb:472:in `process_client'

2022-02-17T18:31:34.139969+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] puma (4.3.9) lib/puma/server.rb:328:in `block in run'

2022-02-17T18:31:34.139969+00:00 app[web.1]: [dc7133cd-ffca-4859-877a-c4b1c22549b4] puma (4.3.9) lib/puma/thread_pool.rb:134:in `block in spawn_thread'

2022-02-17T18:31:34.140817+00:00 heroku[router]: at=info method=GET path="/.env" host=staging.domain.com request_id=dc7133cd-ffca-4859-877a-c4b1c22549b4 fwd="2600:1700:b10:9640:f096:4739:6442:3fe3,172.70.126.151" dyno=web.1 connect=0ms service=6ms status=404 bytes=1966 protocol=https

2022-02-17T18:31:45.085231+00:00 heroku[web.1]: source=web.1 dyno=heroku.130871651.b84fda64-f10b-429f-a330-d43dfb1525fe sample#load_avg_1m=0.00 sample#load_avg_5m=0.00 sample#load_avg_15m=0.00

2022-02-17T18:31:45.115556+00:00 heroku[web.1]: source=web.1 dyno=heroku.130871651.b84fda64-f10b-429f-a330-d43dfb1525fe sample#memory_total=274.26MB sample#memory_rss=251.54MB sample#memory_cache=22.72MB sample#memory_swap=0.00MB sample#memory_pgpgin=83227pages sample#memory_pgpgout=13017pages sample#memory_quota=512.00MB

2022-02-17T18:31:48.423645+00:00 heroku[worker.1]: source=worker.1 dyno=heroku.130871651.052aee64-5021-45f3-bd0d-aa3300479f2f sample#load_avg_1m=0.00 sample#load_avg_5m=0.02 sample#load_avg_15m=0.03

2022-02-17T18:31:48.467744+00:00 heroku[worker.1]: source=worker.1 dyno=heroku.130871651.052aee64-5021-45f3-bd0d-aa3300479f2f sample#memory_total=213.85MB sample#memory_rss=213.18MB sample#memory_cache=0.68MB sample#memory_swap=0.00MB sample#memory_pgpgin=73353pages sample#memory_pgpgout=18607pages sample#memory_quota=512.00MB

2022-02-17T18:32:07.879579+00:00 heroku[web.1]: source=web.1 dyno=heroku.130871651.b84fda64-f10b-429f-a330-d43dfb1525fe sample#load_avg_1m=0.00 sample#load_avg_5m=0.00 sample#load_avg_15m=0.00

2022-02-17T18:32:07.966230+00:00 heroku[web.1]: source=web.1 dyno=heroku.130871651.b84fda64-f10b-429f-a330-d43dfb1525fe sample#memory_total=274.15MB sample#memory_rss=251.66MB sample#memory_cache=22.49MB sample#memory_swap=0.00MB sample#memory_pgpgin=83258pages sample#memory_pgpgout=13075pages sample#memory_quota=512.00MB

2022-02-17T18:32:23.521477+00:00 heroku[worker.1]: source=worker.1 dyno=heroku.130871651.052aee64-5021-45f3-bd0d-aa3300479f2f sample#load_avg_1m=0.00 sample#load_avg_5m=0.01 sample#load_avg_15m=0.03

2022-02-17T18:32:23.555014+00:00 heroku[worker.1]: source=worker.1 dyno=heroku.130871651.052aee64-5021-45f3-bd0d-aa3300479f2f sample#memory_total=213.86MB sample#memory_rss=213.18MB sample#memory_cache=0.68MB sample#memory_swap=0.00MB sample#memory_pgpgin=73355pages sample#memory_pgpgout=18607pages sample#memory_quota=512.00MB

2022-02-17T18:32:28.920515+00:00 heroku[web.1]: source=web.1 dyno=heroku.130871651.b84fda64-f10b-429f-a330-d43dfb1525fe sample#load_avg_1m=0.00 sample#load_avg_5m=0.00 sample#load_avg_15m=0.00

2022-02-17T18:32:29.070470+00:00 heroku[web.1]: source=web.1 dyno=heroku.130871651.b84fda64-f10b-429f-a330-d43dfb1525fe sample#memory_total=274.25MB sample#memory_rss=251.76MB sample#memory_cache=22.49MB sample#memory_swap=0.00MB sample#memory_pgpgin=83284pages sample#memory_pgpgout=13075pages sample#memory_quota=512.00MB

I handle my 404 errors from the application controller:

  def not_found
    raise ActionController::RoutingError.new("Not Found")
  rescue ActionController::RoutingError
    render_404
  end

  def render_404
    render(file: Rails.root.join("public", "404.html"), status: :not_found) && return
  end
user2012677
  • 5,465
  • 6
  • 51
  • 113
  • Does this answer your question? [Rails: redirect all unknown routes to root\_url](https://stackoverflow.com/questions/4132039/rails-redirect-all-unknown-routes-to-root-url) – dbugger Feb 17 '22 at 18:52
  • Not really, I know I can redirect, but why would I be getting a fatal error over a no route match issue? Is this standard? Fatal I view a a complete failure of the app. – user2012677 Feb 17 '22 at 18:54
  • 2
    It's an error -- you need to decide how to avoid the error or handle the error. It's fatal because your app has no idea what to do. Here is another approach https://stackoverflow.com/questions/37173519/rescue-from-actioncontrollerroutingerror-doesnt-work/37174557. – dbugger Feb 17 '22 at 21:18
  • This is more helpful. Thank you. – user2012677 Feb 18 '22 at 12:14

0 Answers0