[Modsecurity] Gotroot mod_security rules not working with Apache
1.3.37
Hex Star
hexstar at gmail.com
Tue Sep 4 19:15:22 EDT 2007
On 9/4/07, Michael Shinn <mike at gotroot.com> wrote:
>
>
> Offhand, not sure... the IP is weird, the box is connecting from itself
> to itself. Are you running your tests on the box to itself?
>
> If so, that explains it. In the meantime, try commenting the SQL
> injection rule out to see if that stops the false positive. Also, what
> application(s) are you running on the box?
>
>
> Yeah, I have apache running on the test machine and I'm accessing the
apache server via localhost in a web browser running on the test machine
which is running apache. I'm not accessing apache via another machine. Are
the gotroot rules set to deny accessing apache via localhost? I would try
commenting out the SQL injection rule but I don't know where it is, do you
know by chance? I find it weird that it's catching an attempt to browse /
via localhost as a SQL injection attack though....
While I do have other servers such as pureftpd installed on the server they
do not start up on boot and I have not invoked them at the same time as
apache. The only other applications running besides apache 1.3.37 with php 4
and mod_security is kde, firefox, and whatever system binaries are required
to be loaded on boot by the system. If you'd like a more precise answer I am
more than willing to paste the output of ps -A for you.
Thanks! :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.gotroot.com/pipermail/modsecurity/attachments/20070904/1146e1de/attachment.html
More information about the Modsecurity
mailing list