[mod-security-users] What is ::1??

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I have this report of a bad user the system is reporting the IP as ::1
What is this? Spoofed?  ARG!  *shivers*

=20

I have no clue what this person is trying to do and nothing in the
access logs says he is even accessing anything...  That's scary...

=20

Can I get someone shine some light on this?

=20

Below is the log from modsecurity console.  What you see is all the
modsecurity reported to me.

=20

------------------------------------------------------------------------
---------------------------------------------

Generic Attack    Warning. Pattern match "^$" at HEADER("Host")

=20

--114f0133-A--

[22/Mar/2007:16:29:02 --0400] yiRTq6wegVEAADErAtgAAAAG ::1 58698 ::1 80

--114f0133-B--

GET / HTTP/1.0

User-Agent: Microsoft-IIS/5.0 (internal dummy connection)

=20

--114f0133-F--

HTTP/1.1 301 Moved Permanently

Vary: Accept-Encoding,Cookie

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Cache-Control: private, must-revalidate, max-age=3D0

Last-modified: Thu, 22 Mar 2007 20:29:02 GMT

Location: http

=20