[Snort-users] 403 Error when attempting to pull rules using Pulled-Pork
jesler at ...1935...
Wed Feb 20 08:46:36 EST 2013
Add a 0 to the end of the "294" line. 2940.tar.gz. It'll work.
Senior Research Engineer, VRT
OpenSource Community Manager
On Wednesday, February 20, 2013 at 8:41 AM, Tamara Fisher wrote:
> I'm having issues when attempting to fetch subscriber rules and have questions.
> I use the following rule path:
> but I notice that the GET request that is submitted is:
> GET https://www.snort.org/reg-rules/snortrules-snapshot-294.tar.gz.md5/<my_oinkcode> ==> SSL_connect:before/connect initialization
> Is it normal that the rule path shows sub-rules and GET request shows reg-rules? Can anyone see any issues with my config or have any suggestions?
> I have checked that ca-certificates is installed and updated. I continue to wait 30 minutes between attempts, reconfigs and re-attempts but having same 403 error each time.
> Google is no longer helpful.
> Any help appreciated.
> My extra verbose error:
> Config File Variable Debug /etc/snort/pulledpork.conf
> snort_path = /usr/local/bin/snort
> enablesid = /etc/snort/enablesid.conf
> modifysid = /etc/snort/modifysid.conf
> rule_path = /etc/snort/rules/snort.rules
> ignore = deleted.rules,experimental.rules,local.rules
> rule_url = ARRAY(0x22e5400)
> snort_version = 2.9.4
> sid_changelog = /var/log/sid_changes.log
> sid_msg = /etc/snort/sid-msg.map
> ips_policy = security
> config_path = /etc/snort/snort.conf
> sostub_path = /etc/snort/so_rules
> temp_path = /tmp
> distro = RHEL-6.0
> version = 0.6.0
> sorule_path = /usr/local/lib/snort_dynamicrules/
> disablesid = /etc/snort/disablesid.conf
> local_rules = /etc/snort/rules/local.rules
> MISC (CLI and Autovar) Variable Debug:
> arch Def is: x86-64
> Config Path is: /etc/snort/pulledpork.conf
> Distro Def is: RHEL-6.0
> security policy specified
> local.rules path is: /etc/snort/rules/local.rules
> Rules file is: /etc/snort/rules/snort.rules
> Path to disablesid file: /etc/snort/disablesid.conf
> Path to enablesid file: /etc/snort/enablesid.conf
> Path to modifysid file: /etc/snort/modifysid.conf
> sid changes will be logged to: /var/log/sid_changes.log
> sid-msg.map Output Path is: /etc/snort/sid-msg.map
> Snort Version is: 2.9.4
> Snort Config File: /etc/snort/snort.conf
> Snort Path is: /usr/local/bin/snort
> SO Output Path is: /usr/local/lib/snort_dynamicrules/
> SO Stub File is: /etc/snort/so_rules
> Extra Verbose Flag is Set
> Verbose Flag is Set
> Base URL is: https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|<my_oinkcode>
> Checking latest MD5 for snortrules-snapshot-294.tar.gz....
> Fetching md5sum for: snortrules-snapshot-294.tar.gz.md5
> ** GET https://www.snort.org/reg-rules/snortrules-snapshot-294.tar.gz.md5/<my_oinkcode> ==> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL_connect:SSLv3 read server certificate A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client key exchange A
> SSL_connect:SSLv3 write change cipher spec A
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
> SSL_connect:SSLv3 read server session ticket A
> SSL_connect:SSLv3 read finished A
> 403 Forbidden
> A 403 error occurred, please wait for the 15 minute timeout
> to expire before trying again or specify the -n runtime switch
> You may also wish to verfiy your oinkcode, tarball name, and other configuration options
> Error 403 when fetching https://www.snort.org/sub-rules/snortrules-snapshot-294.tar.gz.md5 at /usr/local/bin/pulledpork.pl (http://pulledpork.pl) line 453
> main::md5file('f9751bd415990aae31509d71805891ac089', 'snortrules-snapshot-294.tar.gz', '/tmp/', 'https://www.snort.org/sub-rules/') called at /usr/local/bin/pulledpork.pl (http://pulledpork.pl) line 1758
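An added example, not part of the original thread or of PulledPork itself: a preflight check that reads pulledpork.conf text and flags a snort_version that would produce a three-digit snapshot name like the snortrules-snapshot-294.tar.gz in the debug output above, before a fetch triggers the 403 timeout. The sample config, the function names, and the assumption that the name is built by stripping the dots from snort_version (as 2.9.4 became 294 above) belong to this example only.

```python
import re

# Constructed sample based on the debug output above; the rule_url line is an
# assumed reconstruction (the poster's own line is not shown), oinkcode elided.
SAMPLE_CONF = """\
rule_url=https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|<oinkcode>
snort_version=2.9.4
temp_path=/tmp
"""

def parse_conf(text):
    """Return (snort_version, [rule_url, ...]) from pulledpork.conf text."""
    version, urls = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "snort_version":
            version = value
        elif key == "rule_url":
            urls.append(value)
    return version, urls

def snapshot_name(generic, version):
    """Assumed naming: strip dots, so 2.9.4 gives snortrules-snapshot-294.tar.gz."""
    return generic.replace(".tar.gz", "-" + version.replace(".", "") + ".tar.gz")

def preflight(text):
    """Return (item, problem) pairs; an empty list means nothing was flagged."""
    version, urls = parse_conf(text)
    findings = []
    for url in urls:
        fields = url.split("|")
        if len(fields) != 3:
            findings.append((fields[0], "rule_url is not base|tarball|oinkcode"))
        elif fields[1] == "snortrules-snapshot.tar.gz" and version:
            # Flag anything that is not a four-part version such as 2.9.4.0.
            if not re.fullmatch(r"\d+(\.\d+){3}", version):
                name = snapshot_name(fields[1], version)
                findings.append((name, "snort_version is not four-part"))
    return findings

if __name__ == "__main__":
    for item, problem in preflight(SAMPLE_CONF):
        print(f"{item}: {problem}")
```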