
Managing bad URL: .../

Explorer, Jun 29, 2013

Last couple of months I have been getting a lot of hits from a Synapse bot.  I think whoever coded it must have made an error, as some of the links are truncated to url/.../index.cfm.  (Oddly, Bing bot seems to have picked up a couple of these.)

I say 'bot', but this UA comes from a wide range of IP addresses from all over the globe; I am suspicious.  And I don't think it is a site coding error, as it is only triggered with a 'synapse' UA.

Here is the odd thing.  On the test server - in theory identical to the production server - this generates a 404 error, as you would expect.  However, on the production server - theoretically identical, same version of CF (CF9), same config/admin setup, etc. - it generates an exception error.  This is more annoying than anything else, as it is filling the error log and setting off unnecessary alarms.  I guess I could write some code in the error.cfm to redirect to 404 if the URL has '...' in it, but would like to understand more about why the two instances of CF are behaving differently.

Here is some relevant information:

from the CGI variables:

HTTP_REFERER: [empty string]
HTTP_USER_AGENT: Mozilla/4.0 (compatible; Synapse)
PATH_INFO: /.../271/James-McBride
PATH_TRANSLATED: c:\xxxxxxxx\xxxxxxxxx\...\full\index.cfm
REMOTE_USER: [empty string]
REQUEST_METHOD: GET
SCRIPT_NAME: /.../full/index.cfm

and the CFERROR

Browser: Mozilla/4.0 (compatible; Synapse)
DateTime: {ts '2013-06-29 11:18:50'}
Diagnostics: String index out of range: -1 null <br>The error occurred on line -1.
GeneratedContent: [empty string]
HTTPReferer: [empty string]
Mailto: [empty string]
Message: String index out of range: -1
QueryString: [empty string]
RemoteAddress: 2.144.163.234
RootCause: struct
Message: String index out of range: -1
StackTrace: java.lang.StringIndexOutOfBoundsException: String index out of range: -1
    at java.lang.AbstractStringBuilder.delete(AbstractStringBuilder.java:698)
    at java.lang.StringBuffer.delete(StringBuffer.java:373)
    at coldfusion.util.Utils.collapseDotDots(Utils.java:647)
    at coldfusion.util.Utils.canonicalizeURI(Utils.java:601)
    at coldfusion.filter.PathFilter.invoke(PathFilter.java:43)
    at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
    at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
    at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
    at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
    at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
    at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
    at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
    at coldfusion.CfmServlet.service(CfmServlet.java:201)
    at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
    at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
    at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
    at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
    at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
    at jrun.servlet.FilterChain.service(FilterChain.java:101)
    at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
    at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
    at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
    at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
    at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
    at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
    at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
    at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
    at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
TagContext: array [empty]
Type: java.lang.StringIndexOutOfBoundsException

Any thoughts, ideas or observations would be welcome!

Community Beginner, Jul 29, 2013

I am having the exact same issue; it seems that any combination such as "/........................../myfile.cfm" will result in the same thing. I am using CF10 with all the latest updates...

Community Beginner, Jul 29, 2013

Done a bit more testing and I think this is an issue with CF itself. Just having "..." (or more than ..) in the URL anywhere will trigger this; for example, /...index.cfm will result in the same error. Even if the page does not exist the error will still occur.

Enthusiast, Jul 31, 2013

Not sure why it would be considered a ColdFusion issue.

With URLs, '.' and '..' hold value.  The first means "The current directory" whereas the latter means "Move up a directory", however "..." (and anything more) means nothing.  Dots are also used to separate pathing and filenames from their extension, ie: "folder/files.gif" so that IIS knows which handler to pass off to in order to handle the request.  When you call a ".cfm" file, IIS passes off the request to ColdFusion's handler mapping to process the request.

It seems to me like someone is trying to scrape data from your page.  Maybe via a poorly written HTTP get request and then parsing the data returned.  If the error messages really bug you, you could either go so far as to do a reverse IP lookup (looks like the IP shown there is from the Islamic Republic of Iran), and contact the technical owner for more information on what may be originating from that range.

Explorer, Jul 31, 2013

Aegis,

Have a look at the first post. We understand what the dots mean.  Agreed that it is a poorly written bot/scraper (although odd Bing picked it up); that's what I said initially.

The problem - and question - is about how ColdFusion is handling it, specifically suggestions why it is handled differently on two different CF servers.  On the live server it creates an error.  On the test server it is handled as a 404 error.  In theory the two servers are identical, IIS is identical, base OS is identical... so I was asking for ideas as to why the two CF instances manage the error differently.

Enthusiast, Aug 01, 2013

The simplest answer is that the difference between the 2 environments is the environment.  If you don't have it PERFECTLY duplicated between one and the other, things can behave differently.  You state it's identical, but chances are it cannot be.  There's no reason why identical environments would operate differently in the exact same situation.

What are the feature settings for the error handling?  Are they using Custom, Detailed, Combination?  Are you using a server-wide missing template handler?

Community Beginner, Aug 01, 2013

I have also had the same issue developing on my local machine using the built-in CF web server. Like P3142 says, I would expect a URL such as /.../fakefile.cfm to return a 404; on servers that do not have CF installed this is what will happen.

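Added example, not code from any poster in this thread or from ColdFusion: a front-end check along the lines proposed in the first post (answer 404 when the path contains "..."), combined with a triage pass that counts such requests per user agent. The log line format, the sample lines and the names `collapse_dots`, `gate` and `triage` are assumptions made for the illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

DOT_RUN = re.compile(r"\.{3,}")  # three or more consecutive dots, anywhere in the path

def collapse_dots(path):
    """Segment-wise collapse: only "." and ".." are special; "..." stays literal."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if len(out) > 1:      # keep the leading "" so we never climb above root
                out.pop()
        elif seg != ".":
            out.append(seg)
    return "/".join(out) or "/"

def gate(target):
    """Return (status, path): 404 for any dot run, else 200 with the collapsed path."""
    path = unquote(urlsplit(target).path)   # decode once so %2e%2e%2e is caught too
    if DOT_RUN.search(path):
        return 404, path
    return 200, collapse_dots(path)

# Hypothetical minimal log format: ip "METHOD target" "user agent"
LINE = re.compile(r'^(\S+) "(\S+) (\S+)" "([^"]*)"$')

def triage(lines):
    """Count requests the gate would answer with 404, grouped by user agent."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if m and gate(m.group(3))[0] == 404:
            hits[m.group(4)] += 1
    return hits

# Constructed sample lines (documentation IP ranges), modelled on the CGI dump above.
SAMPLE = [
    '192.0.2.10 "GET /.../full/index.cfm/.../271/James-McBride" "Mozilla/4.0 (compatible; Synapse)"',
    '192.0.2.11 "GET /...index.cfm" "Mozilla/4.0 (compatible; Synapse)"',
    '198.51.100.7 "GET /%2e%2e%2e/fakefile.cfm" "ExampleCrawler/1.0"',
    '203.0.113.5 "GET /books/../full/index.cfm?id=271" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ua, n in triage(SAMPLE).most_common():
        print(n, ua)
```

Matching any run of three dots also rejects a legitimate file name that happens to contain "...", so check existing URLs before enabling a rule like this in front of the application server.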