This issue might be related to http://issues.apache.org/bugzilla/show_bug.cgi?id=33971 What i am seeing is that at runtime, HttpServletRequest.getRemoteHost() is returning invalid results. That is, it sometimes returns unqualified hostnames (instead of an ip, which is expected if it can't get a fully-qualified hostname). Other times it returns a hostname that has absolutely nothing to do with the IP. Some examples I see in my logs: 86.125.53.140 maps to msnbot.msn.com 88.7.11.140 maps to msnbot.msn.com 210.111.94.102 maps to crawl-66-249-66-138.googlebot.com 218.190.175.145 maps to msnbot.msn.com These are all logged by the servlet being hit, with it logging: "ip " + request.getRemoteAddr() + " maps to " + request.getRemoteHost() Now, if you try looking up the hostname associated with the above IPs after the fact you will notice none of them map to the hostnames that Tomcat claims it does. I suspect that sometimes when reverse lookup fails, Tomcat retains the rDNS result from the previous lookup instead of returning the string format of the IP. This might also be a new bug introduced between 5.5.9 and 5.5.12 because I don't recall having this problem with 5.5.9. ( I'm leaving the country today for a few weeks so please excuse me if I don't reply right away to any questions you might follow up with )
BTW: I only use the HTTP connector, not jk or apr. This is a standalone Tomcat server.
I went one step further and tried comparing the output of HttpServletRequest.getRemoteHost() and InetAddress.getHostname(): String remoteHost = request.getRemoteHost(); String ip = request.getRemoteAddr(); text.append("ip " + ip + " maps to " + remoteHost); String hostname = InetAddress.getByName(ip).getHostName(); if (!hostname.equals(remoteHost)) { text.append(" but the actual hostname is " + hostname); log.debug(text); } and got output like this: ip 210.111.94.102 maps to vz4-vlan1.networx-bg.com but the actual hostname is 210.111.94.102 doing "nslookup" locally I clearly see that 210.111.94.102 has no reverse lookup and that vz4-vlan1.networx-bg.com actually maps to 82.147.153.200 so now I'm 100% certain this is a Tomcat bug.
Have you guys had a chance to look at this issue? Any idea what piece of code might be at fault?
This should be fixed now in the SVN trunk, and should appear in 5.5.16. Reviewing the commit logs shows that this should have been there for a very long time (but shouldn't happen very often).