search

Quantalytics / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0
0 stars 0 forks source link

Error 500 Can't connect (timeout) #158

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. fresh installed pulledpork 0.7.0
2. fresh installed snort version 2.9.6.2
3. https_proxy is set and works with wget, cpan Mozilla::CA IO::Socket::SSL are 
installed

What is the expected output? What do you see instead?
Working connection.

What version of the product are you using? On what operating system?
debian wheezy

Please provide any additional information below.
Here is the -vv output:

** GET 
https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5?oinkcode=4b32d72
fe46XXXXXXX7008c86e205d1c44030 ==> 500 Can't connect to www.snort.org:443 
(timeout) (60s)
    Error 500 when fetching https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 466
    main::md5file('4b32d72fe46XXXXXXX7008c86e205d1c44030', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'https://www.snort.org/rules/') called at /usr/local/bin/pulledpork.pl line 1850

I modified pulledpork.pl to connect to different https hosts, like 
https://google.de and I get the same problem: timeout.

wget works for this call: 
https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5?oinkcode=4b32d72
fe46XXXXXXX7008c86e205d1c44030

https_proxy is set correctly, but only pulledpork isn't able to connect to the 
snort host. Snort is now denying downloading rules via http. So it's completely 
not working anymore.

Original issue reported on code.google.com by reuter.r...@gmail.com on 28 Aug 2014 at 11:10

GoogleCodeExporter commented 9 years ago 
I finally figured out the problem. If somebody has the same obstacles, here is 
the solution:

modify pulledpork.pl:

+ use Net::SSL;
+ use LWP::Protocol::https;

+ $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;

- getstore( "http://www.snort.org/reg-rules/$rule_file/$oinkcode",
+ getstore( "https://www.snort.org/rules/$rule_file?oinkcode=$oinkcode",

- getstore( "http://www.snort.org/reg-rules/$rule_file.md5/$oinkcode",
+ getstore( "https://www.snort.org/rules/$rule_file.md5?oinkcode=$oinkcode",

and finally export the following environment:

export PERL_LWP_ENV_PROXY=http://yourProxy:Port

Original comment by reuter.r...@gmail.com on 1 Sep 2014 at 11:33

GoogleCodeExporter commented 9 years ago 
There was a problem with the snort.org website at this time, the old schema for 
getstore will still work.  This being said, similar changes to what you have 
noted will be occurring in the next release.

Original comment by Cummin...@gmail.com on 29 Sep 2014 at 2:47