On Tue, 5 May 2026 at 19:42, Christopher Schultz <[email protected]> wrote:
>
> Mark,
>
> On 5/5/26 11:04 AM, Mark Thomas wrote:
> > On 02/05/2026 16:27, Christopher Schultz wrote:
> >> All,
> >>
> >> I've got an odd situation where some requests arriving in my
> >> application are claiming to come from 127.0.0.1 as the remote IP address.
> >>
> >> I'm calling HttpServletRequest.getRemoteAddr and storing it in the
> >> user's session. I'm an admin, so I can see this attribute in users'
> >> sessions and very rarely I'm seeing that it's set to 127.0.0.1.
> >>
> >> My setup is:
> >>
> >> AWS ALB -> httpd [mod_jk] -> [stunnel] -> Tomcat [AjpNioProtocol]
> >>
> >> This does not require high load. All httpd and Tomcat instances are
> >> configured identically. And this happens very rarely, but enough that
> >> I have noticed it and I'd like to understand what might be happening.
> >>
> >> An interview with ChatGPT yielded this comment:
> >>
> >> "
> >> AJP is not resilient to partial/ambiguous reads across a tunneled TCP
> >> stream. If anything about framing or connection reuse gets even
> >> slightly out of sync, Tomcat will still process the request—but
> >> silently fall back to 127.0.0.1.
> >> "
> >
> > Yeah, that looks like nonsense.
> >
> > I assume that it isn't at all possible that the request has been made by
> > 127.0.0.1 (the machine where httpd is running)?
>
> Correct, 127.0.0.1 would be *either* the httpd instance (forwarded over
> AJP) or the Tomcat server itself. Neither are likely, as the users are
> always coming through a load-balancer which is forwarding the user's
> real IP, and it should be forwarded all the way through.

This reminds me of a January 2026 thread on users@httpd, titled
"Server querying OPTIONS to itself?"
https://lists.apache.org/thread/4c078mzb1zfy6rohb1bty4z545d8dnwl

That thread mentioned the following two references:
https://serverfault.com/questions/543355/options-http-1-0-in-access-log
https://cwiki.apache.org/confluence/display/httpd/InternalDummyConnection

HTTPD makes some dummy connections to itself. Those can be
distinguished by looking at the "User-Agent" header value that
includes a string "(internal dummy connection)".

(The discussion on users@httpd and serverfault questions both mention
"OPTIONS *" requests, and I think that those are unlikely to be
forwarded to Tomcat, but the HTTPD Wiki page does not say anything
about them being "OPTIONS" requests.)

Best regards,
Konstantin Kolinko
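
One way to check an httpd access log for the dummy connections described in the message above, as an added example that is not part of the original thread. It assumes the log uses the "combined" LogFormat with the client address in the first field; the sample lines and the function names are constructed for illustration.

```python
import ipaddress
import re

# Apache "combined" LogFormat (assumed):
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Marker string quoted in the thread for httpd's connections to itself.
DUMMY_MARKER = "(internal dummy connection)"

def is_loopback(host):
    """True for 127.0.0.0/8 and ::1; False for hostnames or junk."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def triage(lines):
    """Split loopback-sourced requests into httpd dummy connections and
    requests that still need an explanation. Lines that do not parse are
    reported rather than silently dropped."""
    result = {"dummy": [], "unexplained": [], "unparsed": []}
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            result["unparsed"].append(line)
            continue
        if not is_loopback(m["host"]):
            continue  # ordinary remote client, not of interest here
        bucket = "dummy" if DUMMY_MARKER in m["agent"] else "unexplained"
        result[bucket].append((m["time"], m["request"]))
    return result

# Constructed sample log lines (not taken from any real server).
SAMPLE = [
    '203.0.113.7 - - [05/May/2026:10:00:00 +0000] "GET /app/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '::1 - - [05/May/2026:10:00:01 +0000] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4 (Unix) (internal dummy connection)"',
    '127.0.0.1 - - [05/May/2026:10:00:02 +0000] "GET /app/login HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    'truncated line',
]

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE).items():
        print(bucket, entries)
```

Entries in the "unexplained" bucket are loopback requests without the marker, which are the ones worth correlating by timestamp with the sessions showing 127.0.0.1.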
