Identical traffic

security http proxy cache network-monitoring

This is most likely BlueCoat's "WebPulse" service.

When a user accesses a URL through a BlueCoat Proxy and BlueCoat doesn't have any information on that URL, it can be reported back to "WebPulse", which then scans the URL looking for malware, etc.

The first request will be the user accessing the URL, the second is WebPulse doing its scan on the same URL.


It might be due to various issues: 1 - An attacker is trying to confuse App. server caching using tunneled connections.

2 - A regular user is connecting through a mis-configured VPN+proxy which duplicates the traffic by sending a copy from each site.

3 - A S-NAT issue.

4 - or may be an issue with your own proxy (I don't know whther you have)


This sounds like a replay attack

Wikipedia:

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).

Related

Apache Virtual Host Config www vs non-www, Rewrite or sServerAlias?
Python version for mod_wsgi
SELinux - Getting Started on really understanding it?
Software for automating Windows GUI applications [closed]
How to update a live webserver?
How to "Investigate rock arches on the Mun" in Kerbal Space Program?
In ww.es does a Reviver revive an avatar or a player
When does the forest FINALLY end?
WOW: BfA Item level scaling in (instanced) PvP
How to win on Might & Magic Heroes VI - Haven - Something Is Rotten campaign map
CS:GO game state integration question
How does the Orb of Wisdom give its trait?