В ответ на печально известную DOS-атаку "xmlrp c. php", я написал пользовательские страницы с ошибками ASP для ошибок типа 404 и 500-100, и большинство из них работало нормально. Однако я обнаружил, что страницы выполняются дважды по неизвестной причине. Они оба отправляют электронные письма, а также собирают IP-адрес клиента для автоматического c добавления в текстовый файл пользовательского списка заблокированных IP-адресов Peerblock. Однако из-за двойного выполнения отправляются два (2) сообщения электронной почты, а IP-адреса дважды добавляются в текстовый файл Peerblock. Ниже приведен список фрагментов кода для страницы 404:
' Grab the current URL and peform a number of tests (if we can--after the IIS server performs a redirection to a 404 handler, the URL is stripped of all parameters):
TheURL = Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("SCRIPT_NAME")
If Request.ServerVariables("QUERY_STRING") <> "" Then
TheURL = TheURL & "?" & Request.ServerVariables("QUERY_STRING")
End If
strServer = Request.ServerVariables("SERVER_NAME")
strUrl = Request.QueryString
strPage = Mid(strUrl, InStr(strUrl, strServer) + Len(strServer) + 1)
ClientIPAddress = Request.ServerVariables("LOCAL_ADDR")
HTTPReferer = Request.ServerVariables("HTTP_REFERER")
If HTTPReferer = "" Then
If InStr(1, ClientIPAddress, "10.1.252.250", 0) > 0 Then
HTTPReferer = "www.edenusa.com"
WithinSite = True
Else
HTTPReferer = "UNKNOWN URL"
WithinSite = False
End If
End If
' Grab the IP address of the client coming into site (used later in email and HTML text):
RemoteIPAddress = Request.ServerVariables("REMOTE_ADDR")
' Don't notify via email when the URL is the following (happens too often):
HTTPRefererStatus = InStr(HTTPReferer, "edenusa.com/") OR InStr(HTTPReferer, "www.edenusa.com/") OR InStr(HTTPReferer, "edenusa.com/favicon.ico") OR InStr(HTTPReferer, "edenusa.com/favicon.gif") OR InStr(HTTPReferer, "edenusa.com/robots.txt") OR InStr(HTTPReferer, "xmlrpc.php")
TheURLStatus = InStr(TheURL, "xmlrpc.php")
If HTTPRefererStatus > 0 Or TheURLStatus > 0 Then
NoEmail = True ' Do not send an email in this case
If TheURLStatus > 0 Then ' Write the IP address to our own local Peer Block list:
' The format of the file is as follows: #[name]:[IpRangeStart]-[IpRangeEnd]
Dim objFS
Dim objFile
Dim IPBlockFileName: IPBlockFileName = "badiplist-edenusa.txt"
Set objFS = Server.CreateObject ("Scripting.FileSystemObject")
sIPBlockListPath = Server.Mappath ("/common/errorhandling/badiplists/" & IPBlockFileName)
Set objFile = objFS.OpenTextFile (sIPBlockListPath, 8)
' Write the IP address out to the IP Block List file:
objFile.WriteLine "#Test: " & RemoteIPAddress & "-" & RemoteIPAddress
objFile.Close
Set objFS = Nothing
Set objFile = Nothing
End If
End If
' Using Persits ASPEmail component, send an error report email to the support team.
sAlertBody = "At " & Now() & " a 404 error was encountered when a user attempted to visit the following link: " & HTTPReferer & vbCrLf
sAlertBody = sAlertBody & vbCrLf & vbCrLf
sAlertBody = sAlertBody & "The local IP address is: " & ClientIPAddress
sAlertBody = sAlertBody & vbCrLf & vbCrLf
sAlertBody = sAlertBody & "The remote IP address is: " & RemoteIPAddress
sAlertBody = sAlertBody & vbCrLf & vbCrLf
sAlertBody = sAlertBody & "The value of TheURL is: " & TheURL
sAlertBody = sAlertBody & vbCrLf & vbCrLf
'Send email for evaluation:
'Function IsSuccessfulEmail(sFromAddress, sSenderName, sRecipient, sReplyTo, sSubject, sBody, sCarbonCopyAddress, sFileAttachmentLocation)
If NoEmail = False Then
' Call the emailing function (contained in the /INCLUDEFILES/EMAILOPERATIONS/EMAILFUNCTIONS.ASP file):
' Call the AdministrativeAlertEmail() function:
AlertEmailResult = AdministrativeAlertEmail(sAlertRecipient, sAlertSubject, sAlertBody, sAlertHost)
If Debug_404ErrorPage = True Then
Response.Write("LINE-178: This is the value of the AlertEmailResult variable: ") & AlertEmailResult & "<br>"
Response.End
End If
Else ' Do not send an email, and reset the variable back to TRUE:
NoEmail = True
End If