Bug 38100 - HttpServletRequest.getRemoteHost() returning invalid results
Summary: HttpServletRequest.getRemoteHost() returning invalid results
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Connector:Coyote (show other bugs)
Version: 5.5.12
Hardware: PC Windows XP
: P3 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-02 17:38 UTC by Gili
Modified: 2006-01-15 15:47 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gili 2006-01-02 17:38:00 UTC
This issue might be related to
http://issues.apache.org/bugzilla/show_bug.cgi?id=33971

What i am seeing is that at runtime, HttpServletRequest.getRemoteHost() is
returning invalid results. That is, it sometimes returns unqualified hostnames
(instead of an ip, which is expected if it can't get a fully-qualified
hostname). Other times it returns a hostname that has absolutely nothing to do
with the IP.

Some examples I see in my logs:

86.125.53.140 maps to msnbot.msn.com
88.7.11.140 maps to msnbot.msn.com
210.111.94.102 maps to crawl-66-249-66-138.googlebot.com
218.190.175.145 maps to msnbot.msn.com

   These are all logged by the servlet being hit, with it logging: "ip " +
request.getRemoteAddr() + " maps to " + request.getRemoteHost()

Now, if you try looking up the hostname associated with the above IPs after the
fact you will notice none of them map to the hostnames that Tomcat claims it
does. I suspect that sometimes when reverse lookup fails, Tomcat retains the
rDNS result from the previous lookup instead of returning the string format of
the IP. This might also be a new bug introduced between 5.5.9 and 5.5.12 because
I don't recall having this problem with 5.5.9.

( I'm leaving the country today for a few weeks so please excuse me if I don't
reply right away to any questions you might follow up with )
Comment 1 Gili 2006-01-02 18:28:51 UTC
BTW: I only use the HTTP connector, not jk or apr. This is a standalone Tomcat
server.
Comment 2 Gili 2006-01-02 19:05:43 UTC
I went one step further and tried comparing the output of
HttpServletRequest.getRemoteHost() and InetAddress.getHostname():

        String remoteHost = request.getRemoteHost();
        String ip = request.getRemoteAddr();
        text.append("ip " + ip + " maps to " + remoteHost);
        String hostname = InetAddress.getByName(ip).getHostName();
        if (!hostname.equals(remoteHost))
        {
          text.append(" but the actual hostname is " + hostname);
          log.debug(text);
        }


and got output like this:

ip 210.111.94.102 maps to vz4-vlan1.networx-bg.com but the actual hostname is
210.111.94.102

doing "nslookup" locally I clearly see that 210.111.94.102 has no reverse lookup
and that vz4-vlan1.networx-bg.com actually maps to 82.147.153.200 so now I'm
100% certain this is a Tomcat bug.
Comment 3 Gili 2006-01-15 23:09:10 UTC
Have you guys had a chance to look at this issue? Any idea what piece of code
might be at fault?
Comment 4 william.barker 2006-01-16 00:47:03 UTC
This should be fixed now in the SVN trunk, and should appear in 5.5.16.

Reviewing the commit logs shows that this should have been there for a very 
long time (but shouldn't happen very often).