I have been running my Quixote app, which is integrated with Medusa,
on an unadvertised internet IP address for testing and for
demonstration to prospective users.
There is a rapidly increasing frequency of attempts to break into the
server by means of requests containing URIs which are obviously aimed
at IIS weaknesses and common security lapses. I want to discourage
these idiotic attempts, and my latest effort is to try to "swallow"
these requests and not respond to them. I figure that no response at
all will be more of a deterrent than a "page not found" response.
Any comments or suggestions on this from Quixote or Medusa users would
be appreciated.
In my QuixoteHandler class, I have inserted a new method:

    def reject_request(self, request):
        # (Code for logging the particulars of the request not shown)
        request['Connection'] = 'close'
        request.channel.current_request = None
        request.channel.close_when_done()

At the beginning of QuixoteHandler.continue_request(), I have inserted
the following:

    if not request.uri.startswith(MYAPP_URI_ROOT):
        self.reject_request(request)
        return

Is this the right way to go about ignoring undesired requests?
Thanks,
Jim Dukarm
DELTA-X RESEARCH
Victoria BC Canada
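
Added example, not part of the original message and not Quixote or Medusa code: the prefix test above applied to a decoded, normalized path, so that dot segments, percent-escapes and look-alike prefixes do not slip past a raw startswith() check. The value of MYAPP_URI_ROOT, the function names and the sample URIs are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

MYAPP_URI_ROOT = "/myapp"  # assumed value; the post does not give it


def naive_check(uri, root=MYAPP_URI_ROOT):
    """The raw prefix test, as in the post."""
    return uri.startswith(root)


def is_app_uri(uri, root=MYAPP_URI_ROOT):
    """True only if the decoded, normalized path lies under root."""
    try:
        path = urlsplit(uri).path          # drop query string and fragment
    except ValueError:
        return False
    path = unquote(path)                   # decode %xx escapes once
    # Control characters and backslashes have no place in this app's paths.
    if any(ord(c) < 0x20 or c == "\\" for c in path):
        return False
    if not path.startswith("/"):
        return False
    norm = posixpath.normpath(path)        # collapse "." and ".." segments
    if norm.startswith("//"):              # normpath preserves a leading "//"
        norm = "/" + norm.lstrip("/")
    root = root.rstrip("/")
    # Require an exact match or a "/" boundary, so "/myapplication" fails.
    return norm == root or norm.startswith(root + "/")


# Constructed sample request URIs.
SAMPLES = [
    "/myapp/",
    "/myapp/orders?id=3",
    "/myapp/../other/page",
    "/myapp/%2e%2e/other/page",
    "/myapplication/x",
    "/other/page",
]


def rejected(samples=SAMPLES):
    """Return the sample URIs that the normalized check would drop."""
    return [u for u in samples if not is_app_uri(u)]


if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u!r:32} naive={naive_check(u)!s:5} normalized={is_app_uri(u)}")
```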