<br><br><div><span class="gmail_quote">On 9/4/07, <b class="gmail_sendername">Michael Shinn</b> &lt;<a href="mailto:mike@gotroot.com">mike@gotroot.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>Offhand, not sure... the IP is weird, the box is connecting from itself<br>to itself. Are you running your tests on the box to itself?<br><br>If so, that explains it. In the meantime, try commenting the SQL<br>injection rule out to see if that stops the false positive. Also, what
<br>application(s) are you running on the box?<br><br><br></blockquote></div>Yeah, I have Apache running on the test machine and I'm accessing the Apache server via localhost in a web browser running on the test machine which is running Apache. I'm not accessing Apache via another machine. Are the gotroot rules set to deny accessing Apache via localhost? I would try commenting out the SQL injection rule, but I don't know where it is. Do you know by chance? I find it weird that it's catching an attempt to browse / via localhost as a SQL injection attack though...
<br><br>While I do have other servers such as pureftpd installed on the server, they do not start up on boot and I have not invoked them at the same time as Apache. The only other applications running besides Apache 1.3.37
with PHP 4 and mod_security are KDE, Firefox, and whatever system binaries are required to be loaded on boot by the system. If you'd like a more precise answer, I am more than willing to paste the output of ps -A for you.
<br><br>Thanks! :)<br>