-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ryan,
On 9/13/16 5:13 PM, Ryan Melissari wrote: > We have recently noticed that our Tomcat installation is writing > incorrect data to the localhost_access_log. It seems to be writing > cached data of a previous request for some or all of the fields. > For example, sometimes the jsessionid of another IP/client is > written in the logs of having made a request for a page. There are > other times where the request came from one computer, but is logged > with the IP and sessionid of another computer. I have included a > sample of the access log that shows what I mean. > > So far we have upgraded to the newest version of Tomcat (8.5.5) and > added RECYCLE_FACADES=true to our catalina.properties file. We > also see the same behavior from inside our application using > getRemoteAddr(). At this point I am not really sure how to proceed > as google doesn't return anything about a problem like this. Any > suggestions would be appreciated. You mean you set the system property org.apache.catalina.connector.RECYCLE_FACADES=true, right? How did you set that system property? It's still possible that your application is trashing a request or response object before the logger has a chance to emit the log message (which typically happens at end *end* of the request processing cycle). > Tomcat 8.5.5 OS: Solaris 11.3 sun4v sparc Java: 1.8.0_92 > TCNative: 1.2.7 > > > > > *server.xml:* <Connector port="443" > protocol="org.apache.coyote.http11.Http11NioProtocol" > maxThreads="300" SSLEnabled="true" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLSv1.2" maxHttpHeaderSize="65536" > keystoreFile="/tomcat/.keystore" keystorePass="" compression="on" > compressableMimeType="text/html,text/xml,text/plain,text/css,text/java script,application/javascript" >> > > </Connector> > > ... > > <Valve className="org.apache.catalina.valves.AccessLogValve" > directory="logs" prefix="localhost_access_log" suffix=".txt" > renameOnRotate="true" pattern="%h %l %u > %{yyyy-MM-dd'T'HH:mm:ss.SSSZ}t "%r" %s %B %S %D > %{Referer}i" /> > > > > *Clients:* > > Client1: 192.168.1.100 JSESSIONID: > C345EEC54EA556A5E55CE1F7AAB9B706 > > Client2: 192.168.1.105 JSESSIONID: > DF4331A7668F8D67249A86DA2313029D > > > > *localhost_access_log.txt:* > > 192.168.1.100 - - 2016-09-13T14:33:34.154-0500 "GET > /javascript/flyout-nav.js HTTP/1.1" 304 0 > DF4331A7668F8D67249A86DA2313029D 7 https://192.168.1.1/ > > 192.168.1.105 - - 2016-09-13T14:57:59.110-0500 "GET > /javascript/custom-expand.js HTTP/1.1" 304 0 > C345EEC54EA556A5E55CE1F7AAB9B706 11 https://192.168.1.1/ That certainly looks weird. Why is your "Referer" header coming in as 192.168.1.1? That looks like a home router's default IP address. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJX2cuhAAoJEBzwKT+lPKRYZa0P/iTFmPHzw2Kd1m8JXyFQZxZw zLswCiZCbLBRLVW3dfjgsDEtacx0+1WCwZDKm8NNUN2GbPuGfkqZhLmds0N8kfxI TyNaJPlSXHPP5syUoWVMd3sB0X+o4k5xBNNBI9uFUQ0dUmw5JxRpyI+hHXTpUC+K NS4ZKHdvUGJbXOION29tGQrkNORtRtVKGalu/vDxz6HSJC1AOPwAkT1SlmHp7UOF cDeDyJDVLP9SAnFlu/RxIS7yuakyBpOTormEZHAJ1zRbIrKUk6qsJ/2ffyejcaBR MgyrEALO9XN8MU2q+4TGWRl+qAAvWjuThZaJe7Z13OwyNS0/FwJ5RwRELrwgJlvc nAfPU0BLZbnoK5dGiD2n81KUvN99+OJ5jvlfOcWSR3yncIvQAUAswR1rEdX8VFCB Bcb+brZG9I9UvCvUP39OyyiuJp02WLGor9kJXiuGe7DxKBVOZ3a9rr69vTx2nd5C DWmhkust6LhcjsarmmApe1k0f3UrCytl1nwRiFw4l7b/4R8VFHyaVuwGQb3uYsrh EB22vkEtk9+oTiH6LvItw7EJX45JwuCiK59qcFL6g4do+it0V3zwInmgVUY27QoC gW+LUQrplv7MdOCTPXYQnqs6tG5e9nO3WIjg4NYg3Vhu9IAYVhwDQsw//6k7BgKh uKqvbWKapQTuKKjCBvvO =bocl -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org