protection with AllowedHTMLDomains doesn't work for RTMPT

EDIT: I have rewritten most of the post so it represents real problem.

I have enabled AllowedHTMLDomains and AllowedSWFDomains, set my domain to it.

Now if I connect to the server with Flash player which support only RTMP streaming everything works as expected. Such players from foreign domains are forbidden to play my content.

But if I connect to the server with player which is able to fallback to RTMPT if RTMP is not working, then the protection is bypassed.

FMS log says:

Accepted a connection from IP:127.0.0.1, referrer: http://post.lnk.lt/flow/flowplayer.commercial-3.2.16.swf, pageurl: http://post.lnk.lt/flow/allow.html

The protection is bypassed because during RTMPT the IP address becomes 127.0.0.1 and this is what I have found in VOD application:

       // Authenticating HTML file's domain for the request :

        // Don't call validate() when the request is from localhost

        // or HTML Domains Authentication is off.

        if ((p_client.ip != "127.0.0.1") && application.HTMLDomainsAuth &&  !this.validate( p_client.pageUrl, this.allowedHTMLDomains ) )

        {

                trace("Authentication failed for pageurl: " + p_client.pageUrl + ", rejecting connection from "+p_client.ip);

                return false;

        }

Why this check exist in the first place? To allow FMS Admin to access application?

Maybe this can be fixed by sending real IP address to RTMPT subprocess?