Managing bad URL: .../

Last couple of months I have been getting a lot of hits from a Synapse bot. I think whoever coded it must have made an error, as some of the links are truncated to url/.../index.cfm. (Oddly, Bing bot seems to have picked up a couple of these.)
I say 'bot', but this UA comes from a wide range of IP addresses from all over the globe; I am suspicious. And I don't think it is a site coding error, as it is only triggered with a 'synapse' UA.
Here is the odd thing. On the test server - in theory identical to the production server - this generates a 404 error, as you would expect. However, on the production server - theoretically identical, same version of CF (CF9), same config/admin setup, etc - it generates an exception error. This is more annoying than anything else as it is filling the error log, and setting off unnecessary alarms. I guess I could write some code in the error.cfm to redirect to 404 if the URL has '...' in it, but would like to understand more about why the two instances of CF are behaving differently.
Here is some relevant information:
from the CGI variables:
HTTP_REFERER: [empty string]
HTTP_USER_AGENT: Mozilla/4.0 (compatible; Synapse)
PATH_INFO: /.../271/James-McBride
PATH_TRANSLATED: c:\xxxxxxxx\xxxxxxxxx\...\full\index.cfm
REMOTE_USER: [empty string]
REQUEST_METHOD: GET
SCRIPT_NAME: /.../full/index.cfm
and the CFERROR
Browser: Mozilla/4.0 (compatible; Synapse)
DateTime: {ts '2013-06-29 11:18:50'}
Diagnostics: String index out of range: -1 null <br>The error occurred on line -1.
GeneratedContent: [empty string]
HTTPReferer: [empty string]
Mailto: [empty string]
Message: String index out of range: -1
QueryString: [empty string]
RemoteAddress: 2.144.163.234
RootCause: struct
Message: String index out of range: -1
StackTrace:
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
    at java.lang.AbstractStringBuilder.delete(AbstractStringBuilder.java:698)
    at java.lang.StringBuffer.delete(StringBuffer.java:373)
    at coldfusion.util.Utils.collapseDotDots(Utils.java:647)
    at coldfusion.util.Utils.canonicalizeURI(Utils.java:601)
    at coldfusion.filter.PathFilter.invoke(PathFilter.java:43)
    at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
    at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
    at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
    at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
    at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
    at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
    at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
    at coldfusion.CfmServlet.service(CfmServlet.java:201)
    at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
    at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
    at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
    at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
    at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
    at jrun.servlet.FilterChain.service(FilterChain.java:101)
    at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
    at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
    at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
    at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
    at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
    at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
    at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
    at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
    at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
TagContext: array [empty]
Type: java.lang.StringIndexOutOfBoundsException
Any thoughts, ideas or observations would be welcome!

Not sure why it would be considered a ColdFusion issue.
With URLs, '.' and '..' hold value.  The first means "The current directory" whereas the latter means "Move up a directory", however "..." (and anything more) means nothing.  Dots are also used to separate pathing and filenames from their extension, ie: "folder/files.gif" so that IIS knows which handler to pass off to in order to handle the request.  When you call a ".cfm" file, IIS passes off the request to ColdFusion's handler mapping to process the request.
It seems to me like someone is trying to scrape data from your page.  Maybe via a poorly written HTTP get request and then parsing the data returned.  If the error messages really bug you, you could either go so far as to do a reverse IP lookup (looks like the IP shown there is from the Islamic Republic of Iran), and contact the technical owner for more information on what may be originating from that range.
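One way to screen request paths in front of the engine so that a `...` segment is answered with a 404 instead of surfacing as an exception. This is an added example, not code from the posts above or from ColdFusion; the class, method and enum names are hypothetical, the sample paths other than the two taken from the CGI dump are constructed, and the path is assumed to be already percent-decoded.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class DotSegmentGuard {

    // Outcome a front-end filter would map to 200-path, 404 or 400.
    enum Verdict { OK, NOT_FOUND, BAD_REQUEST }

    // True for a segment made only of three or more dots ("...", "....").
    // Unlike "." and "..", such a segment has no traversal meaning.
    static boolean isDotRun(String seg) {
        return seg.length() >= 3 && seg.chars().allMatch(c -> c == '.');
    }

    // Collapse "." and ".." with a stack of segments rather than by deleting
    // character ranges from the string, so no index can go negative.
    // Returns null when ".." would climb above the root.
    static String collapse(String path) {
        Deque<String> kept = new ArrayDeque<>();
        for (String seg : path.split("/", -1)) {
            if (seg.isEmpty() || seg.equals(".")) {
                continue;                    // "//" and "/./" add nothing
            }
            if (seg.equals("..")) {
                if (kept.isEmpty()) {
                    return null;             // would escape the web root
                }
                kept.removeLast();
            } else {
                kept.addLast(seg);
            }
        }
        StringBuilder out = new StringBuilder();
        for (String seg : kept) {
            out.append('/').append(seg);
        }
        if (out.length() == 0 || path.endsWith("/")) {
            out.append('/');                 // root, or keep a trailing slash
        }
        return out.toString();
    }

    // Decide what to do with a request path before any handler sees it.
    static Verdict classify(String path) {
        if (path == null || !path.startsWith("/")) {
            return Verdict.BAD_REQUEST;
        }
        for (String seg : path.split("/", -1)) {
            if (isDotRun(seg)) {
                return Verdict.NOT_FOUND;    // same answer the test server gave
            }
        }
        return collapse(path) == null ? Verdict.BAD_REQUEST : Verdict.OK;
    }

    public static void main(String[] args) {
        String[] samples = {
            "/.../full/index.cfm",           // SCRIPT_NAME from the post
            "/.../271/James-McBride",        // PATH_INFO from the post
            "/articles/./full/../index.cfm", // constructed
            "/../index.cfm",                 // constructed
            "/articles/full/index.cfm",      // constructed
        };
        for (String p : samples) {
            Verdict v = classify(p);
            String shown = v == Verdict.OK ? " -> " + collapse(p) : "";
            System.out.println(v + "  " + p + shown);
        }
    }
}
```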

Similar Messages

  • Bad URL fix does not work

    Bad url fix does not work, Skype still crashes when this string has been sent to group chat. People on the group chat are unable to load up Skype properly.

    frank604 wrote:How are you suspending?  As rdahlgren requests, can you manually try to suspend and post output of useful logs here?
    I use the built-in suspend mechanism in KDE 4.12. The problem appeared on all my computers

  • Bad URL when changing personal icon

    After some unsuccessful attempt to change my icon, I finally realized that image URLs with capital letters extensions (.JPG, .GIF) are rejected as "bad URL".
    Pls correct this or add a remark to the error message.
    Paolo
    LV 7.0, 7.1, 8.0.1, 2011

    I would suggest that you remove that restriction and accept extensions with any combination of upper and lower case characters (e.g. rename them to lowercase on the fly during submission). Many times (e.g. on windows), the extensions are hidden by default and it might not be obvious to the casual user how to modify it.
    To the OS, a JPG is a jpg is a JpG. Same difference! So why should a website care at all?
    There is no reason to make users jump through flaming hoops for nothing important.
    LabVIEW Champion . Do more with less code and in less time .

  • IO_ERROR event only fires for first bad url

    This is my first Flash application, so please bear with me.
    In the below example, I have a number of files that I load using loaders.
    However, when I have more than one bad url (missing file, wrong domain, ...) the IO_ERROR event only fires once. For all subsequent bad urls, the system does nothing and just hangs (when loading consecutively).
    A workaround is to load all images simultaneously, but I still want to know what the problem is.

    Thought I'd post the solution here.
    In the end, the problem was: loading a file from a non-existent domain triggered no errors.
    It's apparently a problem with FF and OS/X
    http://tinyurl.com/5q87n3

  • Access Manager console url

    I am accessing the oam console via its hostname:port/oamconsole and works fine.
    This is fine for internal access, but to access it from external network need to provide/publish
    a separate url.
    Where should one configure this externally published url to access oam console
    - on Load Balancer or OHS server?
    External network ---- Load Balancer ---- OHS server ------ OAM server
    OHS server with mod_wl_ohs plugin would act as reverse proxy for OAM server url?

    You could use either method. Note 1327863.1 gives details on using an OHS proxy (it also includes front-ending the OAM managed server urls in this way), and http://docs.oracle.com/cd/E27559_01/install.1112/e27301/webgate10g.htm gives details on how to additionally protect the OHS proxy with a WebGate, if required.
    Regards,
    Colin

  • How do I stop Firefox from thinking it crashed and doing a recovery when forced to use Windows Task manager to close a bad URL that I never want to go back to?

    Long question, I know :~) There are web sites that I may visit that will not allow me to exit the site, so I use Alt-Ctrl-Del in Windows to start the Task Manager and force the site to close by ending the program. The new version of Firefox (31.0) thinks that Firefox crashed and sends me right back to the source of my problem.
    Your documentation for this process is as follows:
    After a crash
    Due to unexpected issues such as problems with a website, software errors, or an accidental loss of power, Firefox may unexpectedly close. In these situations, Firefox can restore the pages that you were visiting when it is restarted. Firefox will automatically restore your previous session, the first time you launch it after a crash.
    If Firefox crashes a second time, the Restore Session (i.e. "Well, this is embarrassing") page will appear when you next launch Firefox.
    ...and this is what I found trying to stop this process. Next, when I am forced to use Task Manager to close Firefox a second time to stop a badware site, then the 'Well this is embarrassing' dialog appears and I am finally safely away from the URL.
    I do not want Firefox automatically sending me back to a problem site.
    Thank you for any procedure you can suggest to stop Firefox from restoring problem web pages, Art Clapton

    I am unwilling to attempt navigation away from these sites. The pop-ups that occur on the attempt to leave a site or to close the browser are exit traps offering incentive to stay.
    Once upon a time, when the internet was less dangerous, I would be willing to close the exit pop-ups. Now, after twice being infected with malware trying to close the pop-ups, I now force close whichever browser I am using.
    Recently, I clicked on the red X to close one pop-up, and it installed a trojan that I had to pay to be removed. When I clicked on 'Leave' in another exit pop, it didn't exit and it turned out I was giving permission to run a script file. Now that criminals have learned these exit pop-ups can be used to force a click action, the sites using them have become dangerous.
    If I force the browser to close using Task manager, Please tell me how to stop FireFox from sending me directly back to the same site because it mistakenly believes it crashed when it did not. I forced it to close because I was on a site that had taken control of my browser and was not allowing me to leave the site.
    No other browser sends me back to the potentially dangerous sites. I prefer Firefox, but the new version must have a setting that allows me to get safely away from a problem site?

  • Inventory Management - BADI

    Good day,
    Currently the Inventory Management extractors(2LIS_03_BF, 2LIS_03_BX, 2LIS_03_UM) only extracts Local Currency. We would like to extract the values in Group Currency as well. Doing currency translations is not an option for several business reasons. We have to have the Group currency as it appears in the Material Ledger. I debugged the standard extractor for Inventory management and noticed that the extractor caters for a BAdI(Business Add In). Can anyone please give me an indication where I can look for this BAdI. I looked on SPRO on R/3 and there is a list of BAdI's under BW, but I don't know which one to use and how to use it. I would appreciate help in this regard.
    Thank you.
    Regards.
    Verushca Hunter

    Hi dear and welcome on board !
    I think you have to fill your additional field in the usual exit provided for customer enhancement (RSAP0001) in CMOD transaction, EXIT_SAPLRSAP_001 in the include ZXRSAU01...
    Otherwise you can go for the new RSU5_SAPI_BADI...
    Hope it helps!
    Bye,
    ROberto
    ...and please don't forget to reward the answers...it's THE way to say thanks here !

  • Session management in URL reporting

    Hi,
    I have problems with the session management while calling reports from our own web-app.
    We host our reports (.rpt) on a CrystalReportsServer 2008 running on a Tomcat. This CRS is configured with 20 CAL (ConcurrentAccess Licences).
    On the other side, our Intranet, running on another Tomcat.
    Our Intranet provides UI allowing users to determine the parameters that will be passed to reports. For some reasons we do not want to use InfoView now but keep using our own UI to call reports. The idea was then to call them through OpenDocument (or viewrpt.cwr) passing parameters in the URL.
    In our Web-app, I authenticate the user to the CRS, retrieving an IEnterpriseSession. I then get a token for my calls to OpenDoc. But then, each time I call OpenDoc, a new CAL is picked out. Even if I logoff, only one CAL (the one belonging to my IEnterpriseSession) is given back.
    As our users often open and close lots of reports, we run very quickly out of CAL, although the reports are now closed and the user gone.
    I thought using a token would have allowed us to consume only 1 CAL per user, using the same CAL for the different calls.
    Is my reasoning wrong or is it my code..?

    When creating the token, use the "CreateWCAtoken" function; this will not increase the session count in CRS.
    You might be using CreateLogonToken function
    Arguments passed to these two functions are same.

  • SharePoint Workflow Manager email urls not changing

    Hello Experts,
    I have created a workflow using VS 2013 in SharePoint 2013 using Workflow Manager.
    Everything is working fine,
    but overdue e-mails of Task assigned show url in the form of servername like http://servername/...
    I want to show FQDN.
    Server is on Production so cannot create new web app.
    Please help. I have already changed default zone url to FQDN.
    Mukesh

    Hi all,
    my problem has been solved. I just redeployed a workflow; everything seems correct.
    Mukesh

  • VCSA 6.0: Bad URL displayed in "pi shell" disclaimer

    Greetings,
    I enabled the bash shell in the vCSA 6.0 appliance, and each time I start it using "pi shell" the following disclaimer is printed:
        ---------- !!!! WARNING WARNING WARNING !!!! ----------
    Your use of "pi shell" has been logged!
    The "pi shell" is intended for advanced troubleshooting operations and while
    supported in this release, is a deprecated interface, and may be removed in a
    future version of the product.  For alternative commands, exit the "pi shell"
    and run the "help" command.
    The "pi shell" command launches a root bash shell.  Commands within the shell
    are not audited, and improper use of this command can severely harm the
    system.
    Help us improve the product!  If your scenario requires "pi shell," please
    submit a Service Request, or post your scenario to the
    communities.vmware.com/community/vmtn/server/vcenter/cloudvm forum.
    ... but the URL referenced here (http://communities.vmware.com/community/vmtn/server/vcenter/cloudvm) cannot be found!
    I have one or two scenarios that require the use of "pi shell" and I really want to post them here in the forums, but a forum named "cloudvm" does not (yet?) exist.
    Can someone from VMware please comment? Should I just post *here* or wait for the cloudvm forum to be created?
    Thanks
    Andreas

    @Andreas,
    I read your blog. In 6.0 U1, VCSA will have a new HTML5 UI which replaces old VAMI. This should provide you with password management features for the root account such as email, expiration time and setting new password. You can still use the CLI for some of these actions. The generic CLI/API for password management won't make into U1. There is feature request opened for this and hopefully it makes it into next release.
    About the Winscp, I agree it is big pain point for many customers. We don't want customer to upload files to this appliance, if they have to it should be a feature requirement.
    Having said that, we missed providing UI or CLI to upload sysprep files, certificates. For now you have to change the shell to make winscp working. It is very difficult to make Winscp work in restricted shell, because Winscp internally just runs random commands over SSH, rather than a proper client-server communication. The solution to this is that Appliance UI/Vsphere-client should have provision to upload such files.
    I have changed the URL in shell to point to this community and asked users to add tag "appliance" for such discussions.
    @Ed,
    I will communicate with the vsphere-client team to add a plugin in appliance shell to configure this service. A user should not be required to change files.
    /etc/vmware/vsphere-client/web.properties
    Thanks again for the feedback.

  • Managing Custom URL using a file?

    hi all
    I'm looking for a possibility to manage URL black/whitelists. I know I could do it with the Web interface with custom URLs.
    We would like to give this work to another group inside our company. But these people should not manage the box itself. As far as I know we cannot set restricted admin privileges to custom URL customization.
    Is there a possibility to "import" a list of custom URLs using command line commands or uploaded files?

    Ironport appliances don't have any automated way of pushing a file just for custom category.
    You can attempt to give the config file with only the custom category section and have the user make the needed addition/deletion, then paste back to the config for an upload, although this can be prone to errors from the user's typos.
    You can change a user role to operator as an option, under 'System Administration > User':
    The operators group restricts users from creating, editing, or removing user
    accounts. The operators group also restricts the use of the following
    commands:
    • resetconfig
    • upgradecheck
    • upgradeinstall
    • systemsetup or running the System Setup Wizard

  • Compensation Management BADI

    Dear Experts,
    I am working on implementing ECM and integrating it with MSS for one of my client in Chicago, USA. Most of the work has been done. I am seeking assistance with-
    ·     The result of MBO performance appraisal need to be used in the Eligibility and guidelines of ECM. I have done the necessary settings but somehow the appraisal results are not being identified in the eligibility and Guidelines.
    ·     I need to use matrix guidelines for salary planning and Guideline BADI for Bonus. Both are in place some debugging is needed for the BADI so that it is called only for the Bonus plan and not for the salary plan.
    Please let me know the suitable solutions possible for the above problems.
    Regards
    Prateek

    Business Add-In (HRECM00_STKUN) to define a customer-specific algorithm that enables you to determine the reference stock unit of all award numbers displayed in the Manager Self Service Compensation Scenario for a given compensation process item that is part of an LTI grant. In case of a stock split, the stock unit assigned to the plan changes over time. However, since the granting dates of the employees processed in an MSS scenario can differ, but still all numbers should be displayed with the same stock unit, the system has to determine a unique date out of all the employees' effective dates that can be used to obtain the stock unit. Since the standard algorithm is somewhat arbitrary, you can use a customer-specific algorithm instead by implementing this BAdI.
    Get Value of Pay Category for Employee
    Use this Business Add-In (BAdI) to calculate the value for an employee's pay category. If you have defined your own pay categories and if no wage type group has been specified for this pay category in the Attributes table for pay categories (V_T71JPR29), you must implement this BAdI to obtain values for the employee.
    Business Add-In: Age Market Data
    Use this Business Add-In (BAdI) if you want to age the market data yourself. If you implement this BAdI, then the coding within the BAdI will run instead of the standard system coding.
    Banking Interface Business Add-In (HRECM00_PARTICIPANT) to extract the participant data of an employee using methods other than the standard ones.
    Business Add-In (HRECM00_GRANT_INFO) to extract the grant data of an employee using a method other than the standard one.
    Business Add-In (HRECM00_EXERCISE) to extract exercising data - used in the function module HR_ECM_PROCESS_EXERCISE_IDOC - using data processing other than the standard one.

  • Bad URL Created by XML Report Wizard

    Hello all,
    I don't know if anyone else has run into or published this, but I thought I would as an FYI, and since I burned 90 minutes troubleshooting it.
    I used the Report Builder Wizard in shared components, built a query, exported to XML, built my template and loaded it. When completed the system built a URL for me to use in my links...
    f?p=&APP_ID.:0:&SESSION_ID.:PRINT_REPORT=Reconciliation_t3
    When I ran the report I got a blank screen and nothing happened. Troubleshooting showed that the session was not coming across in the URL called.
    Take a note of the Session variable. The wizard created it using &SESSION_ID. not &SESSION.
    Remove the _ID and it worked fine.
    Hope it helps,
    Adam

    Adam,
    Ok, thanks, APEX 3.0.x was the first version where we introduced report queries, subsequent versions do not have this issue anymore. I just verified on our development instance as well as apex.oracle.com
    Regards,
    Marc

  • Problem with Managing Subscriptions (URL)

    The problem consists of which I cannot create the sindicador, entrance the URL of the subscriber and the respective user, but at the time of Get Catalogue sends the following message:
    Error: Error en la conexión con el sindicador (No ICE server)
    I hope that they can help me.

    you have a sandbox security issue.  you can allow your local swf to access that html by going to the following:
    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html
    but you'll probably run into the same problem when you upload your files to a server.

  • Installed firefox 31 and now I can't get to our oracle enterprise manager 12c URL

    Hi,
    On Monday, I upgraded to Firefox 31 and now I cannot connect to our Oracle Enterprise Manager Cloud Control Web site. I get the following error message:
    Secure Connection Failed
    An error occurred during a connection to lmoemxs101q.atl2.dc.sita.aero:7799. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)
    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
    I am not sure what to do to get rid of this message. I need to use OEM to monitor our Oracle databases and I am no longer able to do this.
    Please help.
    Thanks,
    Roya

    Thanks. I made the parameter change yesterday and now I can get to OEM and monitor our Oracle databases. I sent the workaround to my fellow DBA's in our office, as they all had the same issue with Firefox 31.
    You mentioned that this is the "insecure workaround" and should be used temporarily. How insecure is it, and is there a better workaround being worked on?
    Thanks,
    Roya
