Possibly not a Rails related deal, but I want to rule that out as the
case or not.
I have 4 web servers, two of which run Rails applications, all four of
which run Lasso applications (this is relevant shortly).
For the two Rails applications, the Apache logs have recently started
having oodles of these lines. The weird part is that the request IP is
the server’s own address. It’s also generating boatloads of dummy
sessions.
We’re turned off all monitoring systems (no impact), and I’ve even shut
down mongrel/Rails itself now.
After doing the latter. the Apache entries have continued but return a
503 code (and of course Rails session ceased as there’s no app to write
them now)
This is only happening on the two machines with Rails apps, and only in
the Rails apps logs. It just so happens that the Rails apps are “www”
while the other apps are other subdomains.
Maybe the Rails factor is conincidence due to them being the default
apps, but I can’t figure out what else to look for.
I would suspect a bot trying to do something, but could it spoof the
request IP to make it look like the request is coming from an internal
process?
– gw