ERROR - Connector: 404 - file not found for file ... caused by Automated vulnerability scanners?
Hi all, On one of our apps we get a high number of ERROR - Connector: 404 - file not found for file … messages in the logging The files they are trying to access are things like: .git-credentials, wp-login.php, a'"><injectable>, .htpasswd, mysql.sql etc. My assumption is that they are caused by automated vulnerability scanners. I've contact Mendix support and they could only provided access logs and directed me to Path Based Access Restrictions and the Access Restriction Profiles documentation. Which doesn’t really contain a solution to this specific issue I have the following observations The number of attempts is sometimes 500 requests per day IP-addresses vary per day Requests are directed at the [app].mendixcloud.com and not at the custom domain (we don't use the mendixcloud.com url) Path based acccess restrictions don't allow me to block file types, and many requests are on the root My goal is to get rid of these errors in the log by blocking these requests. Does anyone recognize these issues? Shouldn't Mendix cloud block these requests anyway? Are there any option within the current cloud/platform options I'm overlooking that can be used? it would also be nice to know if many apps have similar issues, that might increase the priority for Mendix to implement a feature for this. Thanks! Stephan