I have had this for the first time in my MANY visits to GZ over the years from various devices. This is from my office computer, which GZ will know well :) 

networkn:

 

I have had this for the first time in my MANY visits to GZ over the years from various devices. This is from my office computer, which GZ will know well :) 

 

 

 

+1

I must say I've got this a few times over the last couple of days. @freitasm did you check what rule is triggering this?

I made a post 25 minutes ago with no issues, then another just now from the same static IP address and got the prompt. It really threw me because it takes over the entire window.

No, I don't know which rule is triggering this. I didn't change the sensitivity level and checked this. I will look at one of your IP addresses now - if you posted from a different IP from the previous two posts when it happened let me know.

@Geektastic, your post here triggered a SQL Injection alert:

60024            OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION-ARGS:MESSAGE="></
950901 OWASP_CRS/WEB_ATTACK/SQL_INJECTION-ARGS:MESSAGE=p>Yep
981257 DETECTS MYSQL COMMENT-/SPACE-OBFUSCATED INJECTIONS AND BACKTICK TERMINATION-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=, and it still annoys me&nbsp;<img src="https://cdn.tinymce.com/4/plugins/emoticons/img/smiley-tongue-out.gif" alt=
981245 DETECTS BASIC SQL AUTHENTICATION BYPASS ATTEMPTS 2/3-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146="></p> 1
981247B            DETECTS CONCATENATED BASIC SQL INJECTION AND SQLLFI ATTEMPTS-OWASP_CRS/WEB_ATTACK/SQLI-2000000409_167=190840 insert
960024            OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION-ARGS:MESSAGE

@Behodar: One of your posts triggered a SQL Injection alert:

960024            OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION-ARGS:MESSAGE=> <
981231 OWASP_CRS/WEB_ATTACK/SQL_INJECTION-ARGS:MESSAGE= #1
950901 OWASP_CRS/WEB_ATTACK/SQL_INJECTION-ARGS:MESSAGE=p>It
981245 DETECTS BASIC SQL AUTHENTICATION BYPASS ATTEMPTS 2/3-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146="><br>T
981246 DETECTS BASIC SQL AUTHENTICATION BYPASS ATTEMPTS 3/3-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=or how it stands up to baggage handlers but all 3 of the fabrics you see there look like the day I got them and they have all done at least 4x
981247B            DETECTS CONCATENATED BASIC SQL INJECTION AND SQLLFI ATTEMPTS-OWASP_CRS/WEB_ATTACK/SQLI-2000000409_167=179 214792 1 insert
960024            OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION-ARGS:MESSAGE

I will have to look at what changed in the rules to trigger this.

Ok, I've made a change in the rules. Let's see how it goes.

Behodar: Bizarre. I certainly didn't post anything resembling SQL!

I don't even know what it is, so you're one up on me! 

Just rest knowing we're here to protect you, citizen.

freitasm:

 

Just rest knowing we're here to protect you, citizen.

 

Thanks. I will. 

Just as long as no one thinks I did whatever that was deliberately!

drop table users;

delete from posts where id > 1;