MetaSkills.net

Stop Exception Notifications With The ZombieShotgun

Posted On: July 6th, 2008 by kencollins

I am all about knowing how to survive a zombie invasion – as much as I am a firm believer in using the right tool for a given job. It cannot be argued that killing zombies with a shotgun to the head is as natural a fit as peanut butter to chocolate. They simply go together.

Now real zombies may not be a daily nuisance, but computer zombies are a daily pain in the butt to network administrators and software engineers alike. If you have ever deployed a Rails application into production that used some sort of exception notification, then you may at some time have seen zombie attacks throw a bunch of exceptions. My solution a few years back was to build my own ZombieShotgun module, see below.

The idea is simple: include the module and add this line to the very top of your filter chain: before_filter :shoot_zombies. Just like in real life, if Rails detects a zombie attack, it will issue a 404 not found error in the beautiful Rails syntax head :not_found. I love it when code models the real world! Please note that there are a ton of better ways to accomplish user agent filtering, most notably, in your web server config... but that does not mean this is not a fun module to use.

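module ZombieShotgun
  
  # User-Agent substrings sent by Office / FrontPage discovery clients.
  ZOMBIE_AGENTS       = ['Microsoft Office Protocol Discovery','Microsoft Data Access Internet Publishing Provider Protocol Discovery','FrontPage']
  # Top-level directories those clients probe for.
  ZOMBIE_ATTACK_DIRS  = ['_vti_bin','MSOffice','verify-VCNstrict','notified-VCNstrict']
  
  protected
  
  # Put first in the filter chain: answers 404 with no body for zombie requests.
  def shoot_zombies
    head :not_found if zombie_attack?
  end
  
  def zombie_attack?
    zombie_attack_on_directory? || zombie_agent_attack?
  end
  
  # Compares the first path segment, e.g. "/_vti_bin/x" => "_vti_bin".
  def zombie_attack_on_directory?
    attack = request.path.from(1)
    attack_dir = attack.index('/').nil? ? attack : attack.to(attack.index('/')-1)    
    ZOMBIE_ATTACK_DIRS.include?(attack_dir)
  end
  
  def zombie_agent_attack?
    ua = request.env['HTTP_USER_AGENT']
    # Substring test on the header; the client-supplied value is never
    # interpolated into a regex, so odd characters in it cannot raise or over-match.
    !ua.blank? && ZOMBIE_AGENTS.any? { |za| ua.include?(za) }
  end
  
  
end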
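
A framework-free version of the same check, added here as an example (not code from the original post): the directory list is a Set, the agent list is one regex built with Regexp.union, and the User-Agent header is only ever the subject of a match. The ZombieCheck module name, the first_segment helper and the sample requests are constructed for this illustration.

```ruby
require 'set'

# Added example: plain-Ruby version of the ZombieShotgun check (no Rails needed).
module ZombieCheck
  # Same literals as the module above. Regexp.union escapes each string, so the
  # pattern is built once from trusted constants only.
  ZOMBIE_AGENTS = Regexp.union(
    'Microsoft Office Protocol Discovery',
    'Microsoft Data Access Internet Publishing Provider Protocol Discovery',
    'FrontPage'
  ).freeze
  ZOMBIE_ATTACK_DIRS = Set['_vti_bin', 'MSOffice', 'verify-VCNstrict', 'notified-VCNstrict'].freeze

  module_function

  # First path segment: "/_vti_bin/x.dll" -> "_vti_bin", "/" -> nil.
  def first_segment(path)
    path.to_s.split('/').reject(&:empty?).first
  end

  def zombie_directory?(path)
    ZOMBIE_ATTACK_DIRS.include?(first_segment(path))
  end

  # The client-controlled header is the subject of the match, never part of the pattern.
  def zombie_agent?(user_agent)
    ua = user_agent.to_s
    !ua.strip.empty? && ua.match?(ZOMBIE_AGENTS)
  end

  def zombie?(path, user_agent)
    zombie_directory?(path) || zombie_agent?(user_agent)
  end
end

# Constructed sample requests: [path, User-Agent, expected verdict].
SAMPLES = [
  ['/_vti_bin/owssvr.dll', 'Mozilla/4.0', true],
  ['/MSOffice/cltreq.asp', nil, true],
  ['/posts/1', 'Microsoft Office Protocol Discovery', true],
  ['/posts/1', 'Mozilla/4.0 (compatible; MS FrontPage 6.0)', true],
  ['/posts/_vti_bin', 'Mozilla/5.0 (X11; Linux x86_64)', false],
  ['/', '((', false], # regex metacharacters in the header are harmless
  ['/', '', false]
].freeze

SAMPLES.each do |path, ua, _expected|
  puts format('%-22s %-46s zombie=%s', path, ua.inspect, ZombieCheck.zombie?(path, ua))
end
```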

Ken Collins | July 6th, 2008 at 03:24 PM
One thing to note, if you use this for pre Rails 2.1, then you will have to return a false in the shoot_zombies method so it will stop the filter chain. I believe Rails 2.1 now assumes that any render or redirect stops the filter chain now.

Hongli Lai | July 6th, 2008 at 05:58 PM
Better turn ZOMBIE_ATTACK_DIRS into a Set. Array#include?() takes linear time while Set#include?() takes constant time in the average case. ZOMBIE_AGENTS should also be turned into a single regular expression.

Ken Collins | July 6th, 2008 at 06:56 PM
@Hongli I totally agree! I have not done a double take on this code in well over a year or two, when I was new to programming altogether. The optimizations / best practices I'll leave to those that choose to use this and test it :) Thanks for hanging out and commenting on my blog!

Justin Marney | July 7th, 2008 at 09:27 AM
According to http://en.wikipedia.org/wiki/The_Zombie_Survival_Guide a shotgun, while seemingly effective, might get you in trouble when you run out of shells. It is worth remembering that any infection outbreak has the potential to last years. Sustainability is key. I've heard that a http://en.wikipedia.org/wiki/Coa_de_jima is one of the best tools for the job.

Wesley Moxam | July 9th, 2008 at 10:09 AM
I tried dealing with this issue too, by routing requests that were using the OPTIONS HTTP verb. I wrote about it here: http://rails.learnhub.com/lesson/page/2329-dealing-with-microsoft-office-protocol-discovery-in-rails That solution didn't work so well, as it ended up matching on incorrect URLs, thus sending me an exception notification every time there was a 404.

DEkart | July 17th, 2008 at 02:56 AM
I think it's better to stop such requests with your proxy server or load balancing software. Nginx, Apache, Lighttpd, or any other stuff that proxies requests to application servers. In this case zombies will not abuse your application.

Alex | August 16th, 2008 at 03:13 PM
Your blog is interesting! Keep up the good work!
