Looking at the log file I noticed that all the requests came from the same IP address, that of the server and not the real remote IP.
The behaviour is the same for instances that respond directly and for instances behind Nginx.
Inspecting the headers with the command ns_set array [ns_conn headers] I got:
Host 192.168.1.208 Connection keep-alive Content-Length 192 Cache-Control max-age=0 Origin http://192.168.1.208 Upgrade-Insecure-Requests 1 User-Agent {Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36} Content-Type application/x-www-form-urlencoded Accept {text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8} Referer http://192.168.1.208/ds/shell.tcl
where 192.168.1.208 is the server address. Trying the same command with an instance behind Nginx I got:
Host alter.cano.oasisoftware.com X-Real-IP 37.176.126.139 X-Forwarded-For 37.176.126.139 Connection close Content-Length 192 Origin http://alter.cano.oasisoftware.com Upgrade-Insecure-Requests 1 User-Agent {Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36} Content-Type application/x-www-form-urlencoded Accept {text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8} Referer http://alter.cano.oasisoftware.com/ds/shell
where 37.176.126.139 is my remote IP, but ad_conn peeraddr gives the server address 10.0.0.62 instead.
I'm running NaviServer 4.99.8, PG 9.3 and Oacs 5.8 on AWS EC2.
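
The two header dumps above show why a forwarded address needs care when it goes into a log: the proxied request carries the client address only in `X-Forwarded-For`, and a directly connected client can send that header too. The sketch below is an added example, not part of the original post and not OpenACS or NaviServer code. It is plain Tcl with the hypothetical procs `header_get` and `resolve_client_ip`, and it assumes 10.0.0.62 is the address the proxy connects from.

```tcl
# Added example: pure Tcl, runs in tclsh 8.5+ without NaviServer.
# header_get, resolve_client_ip and the trusted list are hypothetical names.

# Case-insensitive lookup in a flat key/value list, the shape printed
# by "ns_set array" in the post.
proc header_get {headers name} {
    foreach {k v} $headers {
        if {[string equal -nocase $k $name]} { return $v }
    }
    return ""
}

# Pick the address to log. The forwarded chain is honoured only when the
# TCP peer is a proxy we operate; otherwise the header is client-supplied
# and the peer address is the only value we can vouch for.
proc resolve_client_ip {peer headers trusted_proxies} {
    if {[lsearch -exact $trusted_proxies $peer] < 0} {
        return $peer
    }
    set hops {}
    foreach h [split [header_get $headers X-Forwarded-For] ,] {
        lappend hops [string trim $h]
    }
    # Walk right to left: entries appended by our own proxies are skipped,
    # and the first other entry is the closest hop our proxy actually saw.
    for {set i [expr {[llength $hops] - 1}]} {$i >= 0} {incr i -1} {
        set hop [lindex $hops $i]
        if {[lsearch -exact $trusted_proxies $hop] >= 0} { continue }
        # Reject anything that is not shaped like an IPv4/IPv6 literal.
        if {[regexp {^[0-9A-Fa-f:.]+$} $hop]} { return $hop }
        return $peer
    }
    return $peer
}

# Constructed inputs built from the values shown in the post.
set trusted {10.0.0.62}
set proxied {Host alter.cano.oasisoftware.com X-Real-IP 37.176.126.139 X-Forwarded-For 37.176.126.139 Connection close}
set spoofed {X-Forwarded-For {198.51.100.9, 37.176.126.139}}

puts "via proxy:        [resolve_client_ip 10.0.0.62 $proxied $trusted]"
puts "left entry faked: [resolve_client_ip 10.0.0.62 $spoofed $trusted]"
puts "direct client:    [resolve_client_ip 203.0.113.7 $spoofed $trusted]"
```

Inside NaviServer the same proc could be fed `[ns_conn peeraddr]` and `[ns_set array [ns_conn headers]]`, the two values inspected in the post.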