#17 open
perrycz

Wrong detection of remote IP after receiving malformed(?) HTTP request

Reported by perrycz | February 25th, 2010 @ 05:21 PM

As you can see in the log below, the first request is correct, but after receiving a malformed(?) request the server assigns the same remote IP to all requests. The last request should have the same remote IP as the first, since it's from the same client.

192.168.1.35 - - [25/Feb/2010:12:15:19 +0100] "POST /infotable/datetime HTTP/1.1" 200 45 "http://192.168.1.1/obsluha" "Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 (.NET CLR 3.5.30729)"

84.201.171.55 - - [25/Feb/2010:12:15:23 +0100] "GET /remote?time=2010-02-25+11%3A34%3A10 HTTP/1.1" 200 67 "-" "-"

84.201.171.55 - - [25/Feb/2010:12:15:49 +0100] "POST /infotable/datetime HTTP/1.1" 200 45 "http://192.168.1.1/obsluha" "Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 (.NET CLR 3.5.30729)"

Comments and changes to this ticket

  • Dharmarth Shah

    Dharmarth Shah March 4th, 2010 @ 01:13 PM

    • State changed from “new” to “open”
    • Assigned user set to “Dharmarth Shah”

    Thank you for taking the time out to report the issue.

    We tried sending different kinds of malformed requests (missing protocol version, large request URI, large query string, etc.) to the server and carefully checked the access logs for subsequent requests. We were unable to reproduce the issue seen by you.

    Could you please let us know how you created the specific malformed request that triggered off the issue for you?

    Sidenote: The response code for all malformed requests detected by the server should be 4xx. The log entries posted by you have the response code as 200. Could you please also confirm that you pasted the intended logs here?

  • perrycz

    perrycz March 17th, 2010 @ 08:00 PM

    Actually, that second request is from a remote Rails application (Active Resource). The log entries are right.

    Do you want me to send more logs? It's from a production environment which is remote-IP sensitive, so with WebROaR it doesn't work properly; therefore I can't do that many tests.
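A triage check for the symptom reported in this ticket, as an added example that is not part of the ticket or of WebROaR's own code: it parses combined-format access log lines and flags a request whose Referer and User-Agent pair was last logged from a different IP, when the IP it now carries is that of the immediately preceding request from another client. The fingerprint, the 300-second window and the names `parse_line` and `suspect_ip_carryover` are assumptions of this example, and a client that legitimately changes address would also be flagged.

```ruby
require "time"

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = /\A(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+ "([^"]*)" "([^"]*)"\z/
Entry = Struct.new(:ip, :time, :request, :status, :referer, :agent) do
  # Referer plus User-Agent is a weak client fingerprint (assumption of this example).
  def fingerprint
    [referer, agent]
  end
end

def parse_line(line)
  m = LOG_RE.match(line.strip)
  return nil unless m
  time = Time.strptime(m[2], "%d/%b/%Y:%H:%M:%S %z")
  Entry.new(m[1], time, m[3], m[4].to_i, m[5], m[6])
end

# Returns entries whose fingerprint was last logged from another IP within
# `window` seconds and whose logged IP equals that of the immediately
# preceding request made by a different client.
def suspect_ip_carryover(lines, window: 300)
  last_seen = {} # fingerprint => most recent Entry
  prev = nil
  suspects = []
  lines.each do |line|
    e = parse_line(line)
    next unless e
    known = last_seen[e.fingerprint]
    if known && prev && known.ip != e.ip && e.time - known.time <= window &&
       prev.ip == e.ip && prev.fingerprint != e.fingerprint
      suspects << { entry: e, expected_ip: known.ip, carried_from: prev.request }
    end
    last_seen[e.fingerprint] = e
    prev = e
  end
  suspects
end

# The three access-log lines from the original report.
SAMPLE = <<~'LOG'.lines
  192.168.1.35 - - [25/Feb/2010:12:15:19 +0100] "POST /infotable/datetime HTTP/1.1" 200 45 "http://192.168.1.1/obsluha" "Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 (.NET CLR 3.5.30729)"
  84.201.171.55 - - [25/Feb/2010:12:15:23 +0100] "GET /remote?time=2010-02-25+11%3A34%3A10 HTTP/1.1" 200 67 "-" "-"
  84.201.171.55 - - [25/Feb/2010:12:15:49 +0100] "POST /infotable/datetime HTTP/1.1" 200 45 "http://192.168.1.1/obsluha" "Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 (.NET CLR 3.5.30729)"
LOG

suspect_ip_carryover(SAMPLE).each do |s|
  puts "#{s[:entry].request}: logged #{s[:entry].ip}, expected #{s[:expected_ip]}"
end
```

On the report's log lines this flags only the third entry, with 192.168.1.35 as the expected address.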


Source Code Location

Repository is at http://github.com/webroar/webroar

Check out the development master:
git clone git://github.com/webroar/webroar.git

Creating a bug report

When creating a bug report, be sure to include as much relevant information as possible.

Security vulnerabilities should be reported via an email to security@webroar.in; do not use Lighthouse for reporting security vulnerabilities. All content in Lighthouse is publicly available as soon as it is posted.
