Recently we’ve had some bot activity on our production app. One request was sent to
/admin/Upload, which is a path that does not exist in our application. In such cases, it’s expected to halt and return
404 - Not Found (as it usually does). However, the request failed because it couldn’t create a temporary directory due to missing write permission (rightfully so). Here’s the error:
Request: POST /admin/Upload ** (exit) an exception was raised: ** (Plug.UploadError) could not create a tmp directory to store uploads. Set PLUG_TMPDIR to a directory with write permission (plug 1.14.2) lib/plug/upload.ex:185: Plug.Upload.random_file!/1 (plug 1.14.2) lib/plug/parsers/multipart.ex:295: Plug.Parsers.MULTIPART. handle_disposition/3 (plug 1.14.2) lib/plug/parsers/multipart.ex:200: Plug.Parsers.MULTIPART.parse_multipart_headers/5 (plug 1.14.2) lib/plug/parsers/multipart.ex:186: Plug.Parsers.MULTIPART.parse_multipart/5 (plug 1.14.2) lib/plug/parsers/multipart.ex:175: Plug.Parsers.MULTIPART.parse_multipart/2 (plug 1.14.2) lib/plug/parsers/multipart.ex:127: Plug.Parsers.MULTIPART.parse/5 (plug 1.14.2) lib/plug/parsers.ex:340: Plug.Parsers.reduce/8 (danko_web 0.1.0) lib/danko_web/endpoint.ex:1: DankoWeb.Endpoint.plug_builder_call/2
Why did the request get processed so far instead of dying early?