Firefox is trying to act as a server

Hello everyone

First things first-- thanks to Mr. Melih for his nice program. I don’t doubt this is the best of the bunch, but because it DOES get the job done, it’s more complicated. No surprise, or at least it’s complicated for me.

My first computer was 486DX and DOS 6.22 so I keep thinking I should be able to handle this but not doing so well.

I stay 10,000 light years away from Internet Explorer. Using Opera 9.2.3 and Firefox This is a new install of Win 2000 SP4. Still don’t have 75% of programs loaded in yet, just basic stuff, including above browsers. 1.8 gig Pentium 4, Intel mobo, 512mb mem, GeForce 3 Ti200 graphics (128mb onboard), Enermax 350watt.

Here’s what I don’t understand. When I connect (dialup via, also known as, and then launch Opera, I get the usual message, asking if I want to allow Opera out on the Internet. I click YES. Everything goes ok for about 20 minutes and then I can no longer bring up any webpages. Has my connection died? Nope. If I close Opera, and relaunch, things begin working ok again. I have Opera set to trash the cache, cookies and history automatically on close, so there’s nothing to toss out. Having relaunched, it will resume working ok, and then in another 20-25 minutes, it’ll do the same thing. Must close the program, and relaunch.

Now, by comparison, Firefox behaves the same way, but Firefox is even more mysterious. Still connected, when I launch Firefox, I get the following warning box:

“Firefox is trying to act as a server”

Then I’m asked if I want to allow this. Well, not knowing what else to do, I clicked YES, then it presents another box asking if I want to allow Firefox off its chain to roam the Internet. Again, I click YES.

All runs ok for awhile, but just like Opera, after 20 minutes or so, I can’t bring up any new webpages. Have to close Firefox, manually throw out the cookie, download files, and empty all cache files. Relaunch, and all is well.

As of the moment, these are the only progs I’ve played with.

So my most inquisitive question is why does Firefox present this “Firefox is trying to act as a server” message, when Opera does NOT?? It makes one think that Firefox spyware itself. I have noticed that more recent versions of Firefox now have a file named “urlclassifier2.sqlite”, which is 0 bytes when you start out, but the first time you log on, the internet connection starts ringing up INBOUND data, to the tune of about 2mb, with no activity on my part. When this is done, one then notices this “urlclassifier2.sqlite” file to have swelled to over 2mb, so this explains where the data went.

I don’t like this kind of stuff. The older Firefox version 1.0.7 does NOT have this “urlclassifier2.sqlite” file, and the older program seems to be less intrusive, less Big Brother-ish. In fact, the only change I can see in the newer Firefox versions is a big leap in BIG BROTHER.

But that is another matter.

Can anyone off advice on the above 2 questions? It’s not like I haven’t tried to solve this myself. I have, and searched, but there don’t see anything that addresses these issues. I have to be away until at least tomorrow night so if anyone offers a suggestion, I won’t be able to reply until then.

Thank you in advance.
Tim Fossett
%NOSPAM%screech727 AT yahoo DOT com


first of all, if you set allow all in systray- icon of comodo, does it stop after 20 minutes too?

hence youre not protected meanwhile.

next i would set alert level to high in Advanced and check the going for facts.

report then for more help.


PS: you can make snapshots of the popups with alt- prt scrn and put them in a simple wordpad doc and then add them here …

Yes the 20 minutes problem needn’t be due to CFP, again it may be. It might have something to do with your dynamic IP refreshment, let’s wait for someone who really knows about it to post.

About Firefox needing to establish connections solicited from outside (“in” or “server”), it’s the way it works, it was the same with v1.5. Really can’t tell you how suspicious is that or what’s that file you mention. It’s true that neither IE nor Opera need that, but I guess it’s about how suspicable you are and how far you trust an established program like Firefox.


did you try disable windows service dns cache?

and have disable in dialup “use header compression” and “software compression”.

also might disable file and printer share.


You get that message about Firefox trying to act ‘as a server’ due to the security settings which use the loopback address ( to connect to itself and then to serve your chosen web pages to you. That’s why if you run netstat -an -p tcp -b from a command prompt you’ll see four loopback addresses for the browser. It’s a kind of proxy if you like which protects you from malicious programs you might come across while you’re surfing the web.

Although both companies patch their browsers pretty quickly, Opera is by no means any more secure than Firefox as can be demonstrated by this list of vulnerabilities.


Just my two pence worth regarding 20 minute hang up time. Check your dial-up Network Connections - Properties - Options - and try changing default (20 minutes) “Idle time before hanging up” to some other value or never.

As Zito explained, the “act as a server” is related to loopback monitoring. If you are not using a local proxy application (like proxomitron - which you’d know if you were), it is safe to disable loopback monitoring. Go to Security/Advanced/Miscellaneous and make sure both “Skip loopback…” boxes are checked - TCP and UDP (only one is by default, for local proxy security).

Many applications (such as FF) use the localhost/loopback for internal communications. This should be explained on the CFP’s FAQ board.

A quick and easy test to see if your browsing problem is related to CFP, you may temporarily set the Security Level to “Allow All” to see if the problem resolves. If it does, this indicates that CFP is blocking something you need to allow; if it does not, then it’s related to something else (possibly the remnants of your previous firewall). “Allow All” should not be used for general browsing as it effectively removes any protection CFP offers; it’s only for temporary testing purposes.


Hi everybody

First things first. Thanks to everyone who offered a helpful suggestion for the question I raised. I tried to connect to the Comodo Forum Sunday night but could not get in. Msg abt server down or busy-- try connecting later, so now it’s Monday AM and just now able to post a reply.

There’s a LOT to say in response to everyone’s suggestions. However, I agree the first thing to get done is to follow up on the suggestion of “meier12” and post the warning messages I’ve seen, which, YES, I did save. I’ve got 'em. Somewhere along the way I saw someone say that PNG is the image format desired at this forum, so I just finished using IrfanView (graphics image editing program) to convert the BMP files to PNG. I have 2 images, one is 32k, the other 36k, but I will post this message (with no images) and then go see if I can learn how to get them included in a separate post. Will get on that now. Thanks again for the comments. I’ll be back.

Hi Everyone–

Here’s my screen capture images that have be concerned. I’ll try to get these up and then make supporing comments in a separate post.


[attachment deleted by admin]

I can’t upload the other image. Now all I get is hassles with using this forum. The message says:

“The upload folder is full. Please try a smaller file and/or contact an administrator.”

You’re probably going to see a lot of these types of alerts with PowerDesk as the “culprit” given the nature of the application. But that puts you in the position to expect them. As long as you know both applications involved in the “hijacking” alert, it is safe to Allow w/Remember so that you won’t see that particular alert again (that’s the rule of thumb from the developers).

I’ve posted about the “upload folder” issue here:;new#new

That board is where you can post problems with the website (of which that would be one…).

If you ever run into that problem, you can try again to post (ie, log out and back in to the forums, then Modify your post and add the next attachment), or use an image-hosting site, pasting the code for the image into your text.



Upload folder had reached its limit…we have doubled it and it is working again.


I get these Firefox acting like a server messages too but not often. They occur when these conditions are met:
Connection idle for at least 45mins - Firefox closed
Relaunching Firefox after 45 mins idle will trip the alarms.
What does DNS cache have to do with this problem?


Well, I don’t know what to say. Actually, that’s not quite true. I DO know what I’d like to say, but I’d be banned from the forums.

I thank Administrator “garry” for advising the cause of my repeated failure to include the screen captures to support my post; it was the fault of the Comodo Forum not allocating enough resources

(“Upload folder had reached its limit…we have doubled it and it is working again.”)

How about that? As if there wasn’t enough difficulty already with this program, it’s just beyond belief that computer users are forced to deal with such unnecessary additional problems.

Just because a program entails no monetary cost does not absolve the producer from acting responsibly. I guess the people who run Comodo have taken their cues from Microsoft. Ever since Bill Gates entered the picture, charging people hundreds of dollars for his experimental operating systems, every last one of which has taken 2 or 3 years to straighten out, consideration for the customer’s difficulties has been flushed right down the drain. It seems it does not matter whether one pays $250 for a Windows OS, $500 for Office or $1,000 for Quark Express, or zero for Comodo Firewall, or any number of similar freebie programs, the hapless sucker that jumps into the fray with one of these products is truly embarking upon a game of computer Solitaire, most often with a deck of 51 cards; ■■■■■■ if you do, ■■■■■■ if you don’t; tails they win, heads you lose. It doesn’t make any difference if you read the book or not, or comb the forums, you still can’t get anything but more headaches. Solve one problem, create 3 new ones.

Just imagine, INBOUND POLICY VIOLATION notices, that crop up every few seconds, and no one has a clue what causes them, where they come from, or how the new user is to interpret such actions. All one can do with such stuff is become a paranoid psychotic.

It’s time to be done with this Comodo nonsense and just go back to accepting spyware, malware and whatever, as all the above is nowhere near as bad as fighting the unspeakable frustration of Comodo Firewall.

I could go on with this all night, until the sun comes up tomorrow, but what would be accomplished? 'Tis enough…

Thanks to those who took time to reply. I appreciate it very much.

Sorry you’re so miffed, nxradio, and feel like you’ve been offered no answer to your question.

The screenshot you provided shows nothing but a DNS query (Outbound, not inbound) and for Opera, not Firefox. I explained that you are going to see those types of alerts for PowerDesk due to the nature of the application (ie, PowerDesk; not the browser). The alert you posted shows that it is related to Application Behavior Analysis (ABA) - the “special windows messages” which is simply a common means of programs communicating with one another in a Windows operating system.

I also explained that if you know both applications (ie, you’re familiar with Opera and PowerDesk) and know that you installed them both on your computer, it is perfectly safe to Allow with Remember so you won’t see that particular alert again.

These questions, believe it or not, are very commonly asked, and are explained in considerable detail in the firewall FAQ board, or the FAQs/Threads - Read Me First post found in the firewall Help board.

I understand that you’re frustrated with the alerts you’re getting and you don’t know why you’re getting them. If you ask specific questions and post the relevant screenshots (so we can see what you see) someone will be happy to answer. Please keep in mind that the Moderators here are not Comodo employees; we’re volunteers that do this because we like to help. We try to respond within 24 hours, but sometimes we get hung up and can’t make it.

I also understand that you may be completely fed up with Comodo and just want to go somewhere else. That too is fine. If you want to make a go of it here, we’re here to help; if you prefer to go elsewhere, that’s not a problem either.


Thanks LittleMac. I’m still working on it. I do notice that none of this happens when I use Opera.

Isn’t that interesting???

Wow. Talk about biting the hand that feeds you tsk . . .


Browsers operate differently. I don’t use Opera, so I’m not in a position to comment too much on their differences; I only know they don’t act the same. This is not surprising, I think, as they are completely separate programs (not from the same vendor).

In reference back to the title of this thread, FF uses localhost/loopback for internal communications; this is part of what the “act as a server” message is about. Opera may not, or at least not in the same way. The thing that this message does NOT mean is that FF is opening ports for inbound connection (as a server would); it just means it’s prepared for connection whenever you give it a website to open.