The cause of the problem might be the javascript (since it records what the client believes rather than what the server sees, but hard to say without knowing more) it's possible that someone's machine *might* think its IP address is 127.0.0.1 and so that's what you'd get in the logs.

For instance right now my machine thinks its IP address is 192.168.0.2 (if you try to look it up is listed as a non-routable address) because that's the address I'm assigned by my internal network router - my machine has no idea / need to know what IP address is shown when it talks to the internet.

- Tony

The cause of the problem might be the javascript

Surely that would only manifest itself in possible URL params set by JavaScript executed on client side, as if a new proper request is made then remote host address will be the proper IP (proxy or whatever) rather than localhost.

The only unlikely explanation that I have (apart from requests actually made locally on server) is that someone tried to spoof IPs - should not work on well secured boxes these days

Dreamquick & Lord Majestic,

Thank you for the posts.

I have to change my earlier post a bit. I use the javascript to capture the referring URL and a php script to capture the IP.

So, in your case, my script would capture the IP of the external router. I was worried about exactly what Lord Majestic said.. someone spoofing IPs. I am wondering if others see such instances as well.

dataKris