You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
I've got an app running in a docker container, I can access the container and rummage around on the filesystem. There are lots of .rb files. I know nothing about Ruby at all.
The problem is that the URL I have been given to access it returns a 404 all the time. Turns out this is the 404 page from Ruby itself - I have proved that by changing it. So how the heck do I figure out what URLs the application will respond to? I have a routes.rb file but I cannot make sense of it.
Oh, nevermind. In the best tradition of asking IT questions, I've fixed it just after posting the question. There was a whitelist...
What is the correlation between asking an IT question and solving the problem within 15 seconds?
And why? I've lost count how many times that has happened.
Posted it on my work channel too, and had to retract it almost immediately 🙂 And yes, it was in the manual!
What is the correlation between asking an IT question and solving the problem within 15 seconds
It causes your brain to think of it a different way when explaining it to others. See also looking at your code first thing in the morning and fixing something that you couldn't do the previous day.
The answer to the question (for whoever lands on this in the future) is that you can run rake routes from the application’s root directory (so you’d need a bash shell into the container).
You should really see a 401 error rather than 404 is it's denial of access via a Whitelist...
There was a whitelist…
https://www.linkedin.com/pulse/allowlist-blocklist-better-terms-everyone-lets-use-them-rob-black
I had a bash shell in the container, I rummaged around but did not know what I was looking at.
You should really see a 401 error rather than 404 is it’s denial of access via a Whitelist…
Well arguably no, because getting a 401 instead of a 404 confirms the existence of a page, which is giving out information about the system. Then again, if all unauthenticated requests returned 401 that would solve that issue. Problem is this particular application is a composite with two UIs and two sets of credentials (because reasons) so all requests to the one with the whitelist get through the reverse proxy, so you see a 404 form the app itself not from the proxy so that sort of gives the same information anyway.