After doing this a 3rd time, I packaged a small library; a plug that deflects common sources of invalid traffic before it hits the router.
I’m curious how others are approaching this.
And, I’d appreciate feedback, here or as a GitHub issue. Thanks!
What is the result for the caller when their HTTP request is deflected? Do they get a 404, something else?
Looks like it
How do I approach this? At the reverse proxy level, where it should be approached.
Vulnerability scanners, bots, and scripts constantly probe web apps for WordPress, PHP, .env files, and other non-Elixir targets.
Phoenix routing is based on pattern matching, which is much faster than regular expressions. So unless you are doing some really heavy processing on all requests, reaching the natural “no route” result should be very cheap.
PlugDeflect pattern-matches these requests and returns 404 immediately — no router, no controller, no wasted cycles.
You are wasting cycles because you are passing all traffic, including legitimate traffic, through the regular expressions.
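
Added example, not part of the thread and not PlugDeflect's code: a deflection check written with function-head and binary pattern matching instead of regular expressions, which is the trade-off the replies above are debating. The module name `ExampleDeflect`, the probe list, and the sample paths are assumptions made up for illustration.

```elixir
defmodule ExampleDeflect do
  # Hypothetical module; the probe patterns below are constructed examples.
  # Input is a list of path segments, the shape Plug exposes as conn.path_info.
  @probe_extensions [".php", ".asp", ".aspx", ".jsp", ".cgi"]

  # Probes identified by their first segment: resolved in the function head.
  def deflect?(["wp-admin" | _]), do: true
  def deflect?(["wp-content" | _]), do: true
  def deflect?(["wp-includes" | _]), do: true
  def deflect?([".git" | _]), do: true
  # The root path "/" has no segments and is never a probe.
  def deflect?([]), do: false

  # Everything else is judged by its last segment only.
  def deflect?(segments) when is_list(segments) do
    last = List.last(segments)
    dotenv?(last) or String.ends_with?(String.downcase(last), @probe_extensions)
  end

  # Binary prefix matching catches ".env" and variants such as ".env.local".
  defp dotenv?(".env"), do: true
  defp dotenv?(".env." <> _), do: true
  defp dotenv?(_), do: false
end

# Inside a plug's call/2 the check would gate the response, for example:
#   if ExampleDeflect.deflect?(conn.path_info) do
#     conn |> Plug.Conn.send_resp(404, "") |> Plug.Conn.halt()
#   else
#     conn
#   end

# Constructed sample request paths, mixing probes with legitimate routes.
sample_paths = [
  "/wp-admin/setup-config.php",
  "/.env",
  "/config/.env.production",
  "/index.PHP",
  "/api/users/42",
  "/environment",
  "/"
]

for path <- sample_paths do
  segments = String.split(path, "/", trim: true)
  IO.puts("#{String.pad_trailing(path, 30)} deflect=#{ExampleDeflect.deflect?(segments)}")
end
```

A legitimate request that matches none of the first-segment clauses costs one `List.last/1` traversal plus a handful of suffix comparisons before it continues to the router.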