On 26/05/2011 15:43, Filippo Machi wrote: > Ciao Christopher, > we don't trust 85.18.x.x., it doesn't belong to us, that's why I posted my > question. > We're not able to explain how is possible that a request from localhost to > localhost > appear to be issued from a different ip.
If it's not one of your IPs why do you think that the request is definitely from an internal system, rather than an external one? p > Anyway, I'm going deeper following your hint about the rewrite. > May we assume that a redirect will cause the same symptom? > thanks > Fil > > > On Thu, May 26, 2011 at 4:04 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Filippo, > > On 5/26/2011 8:22 AM, Filippo Machi wrote: >>>> The service I was talking about is a php script we put in the crontab and > it >>>> accesses directly to the tomcat asking the url (127.0.0.1:8080/...) > > Okay: when you use 127.0.0.1, you should always be using the loopback > address. That's good. If you were using a non-localhost hostname (like > myserver.mydomain.it) then your "remote address" would likely appear to > be the external IP address of the server because, well, that's just how > TCP/IP works. > >>>> I'm omitting the final part of the ip just for privacy. There are >>>> just a little set of ips that seem to be involved in the scenario I >>>> described and they don't change. > > Okay. Since they don't change, what is the relationship between the IP > address you are observing and the network setup you have? Is 85.18.x.x > the external IP address of the server? > > I wonder if your server is re-writing URLs in an HTTP response that are > fully-qualified. So, instead of the URL being relative like "/foo/bar" > it's being sent as "http://myserver.mydomain.it/foo/bar"; and so your > client is therefore appearing to come from the server's external IP > address. > > Simple question: do you "trust" 85.18.x.x? If so, why not just add it to > the list of trusted IP addresses in your filter? > > -chris >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org >> >>
signature.asc
Description: OpenPGP digital signature
