<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">We have moved to Cloudflare to balance the traffic we are receiving on the site.  We had a particular user that shared an oinkcode <i class="">somewhere, </i>and as a result we were dealing with over 35 Millon downloads a day, so we had to upgrade a bit.<div class=""><br class=""></div><div class="">We have heard that older versions (or perhaps older cert trusts) of curl and wget are having a problem navigating through Cloudflare over to the site.   It’s difficult for us to pin down as our tests work, and download numbers are staying constant, however, we have had a few people (like yourselves) say you can’t reach the site.</div><div class=""><br class=""></div><div class="">I suggest the above.  (versions of curl/wget/cert trusts) and let me know your results.</div><div class=""><span style="font-size: 12px; font-family: 'Lucida Grande';" class=""><br class=""></span></div><div class=""><span style="font-size: 12px; font-family: 'Lucida Grande';" class="">--</span><br class=""><span style="font-size: 12px; font-family: 'Lucida Grande';" class=""><b class="">Joel Esler</b></span><br class=""><span style="font-size: 12px; font-family: 'Lucida Grande';" class="">Open Source Manager</span><br class=""><span style="font-size: 12px; font-family: 'Lucida Grande';" class="">Threat Intelligence Team Lead</span><br class=""><span style="font-size: 12px; font-family: 'Lucida Grande';" class="">Talos</span></div><div class=""><br class=""><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Dec 11, 2014, at 5:58 AM, <a href="mailto:elof@...6680..." class="">elof@...6680...</a> wrote:</div><br class="Apple-interchange-newline"><div class=""><br class="">I too have this annoying issue.<br class=""><br class="">wget -v --debug '<a href="https://www.snort.org/'" class="">https://www.snort.org/'</a><br class="">DEBUG output created by Wget 1.13.4 on linux-gnu.<br class=""><br class="">URI encoding = `UTF-8'<br class="">--2014-12-10 11:49:27--  <a href="https://www.snort.org/" class="">https://www.snort.org/</a><br class="">Resolving <a href="http://www.snort.org" class="">www.snort.org</a> (<a href="http://www.snort.org" class="">www.snort.org</a>)... 104.28.24.35, 104.28.25.35, <br class="">2400:cb00:2048:1::681c:1823, ...<br class="">Caching <a href="http://www.snort.org" class="">www.snort.org</a> => 104.28.24.35 104.28.25.35 <br class="">2400:cb00:2048:1::681c:1823 2400:cb00:2048:1::681c:1923<br class="">Connecting to <a href="http://www.snort.org" class="">www.snort.org</a> (<a href="http://www.snort.org" class="">www.snort.org</a>)|104.28.24.35|:443... <br class="">connected.<br class="">Created socket 4.<br class="">Releasing 0x0000000002278790 (new refcount 1).<br class="">GnuTLS: A TLS fatal alert has been received.<br class="">Closed fd 4<br class="">Unable to establish SSL connection.<br class=""><br class=""><br class=""><br class="">If you use Debian Stable you get wget 1.13.4.<br class="">Googling the error message hints that you need wget >= 1.15.<br class=""><br class=""><br class="">Do anyone have a workaround? I don't want to compile the latest wget <br class="">manually, since this breaks the ability to easily keep everything <br class="">up to date with 'apt-get upgrade'.<br class=""><br class="">/Elof<br class=""><br class=""><br class="">On Wed, 10 Dec 2014, waldo kitty wrote:<br class=""><br class=""><blockquote type="cite" class="">On 12/10/2014 6:56 PM, Cary Townsend wrote:<br class=""><blockquote type="cite" class="">Hi All,<br class=""><br class="">We use wget to obtain rule updates from <a href="http://snort.org" class="">snort.org</a> with our oink code, but it<br class="">is now broken.  Apparently, <a href="http://snort.org" class="">snort.org</a> is now behind cloudflare, which denies<br class="">direct IP access.  Basically, the cert wget ultimately receives is<br class="">cloudflare's cert, not <a href="http://snort.org" class="">snort.org</a>'s.  A web browser seems to get redirected<br class="">somehow to the real snort site and gets the <a href="http://snort.org" class="">snort.org</a> cert.  Thoughts?<br class=""></blockquote><br class="">wget works fine over here...  we've not seen any problems using it other than a<br class="">few niggles here and there that were easily taken care of...<br class=""><br class="">do you perhaps mean amazonaws instead of cloudfare?<br class=""><br class="">what url are you using to get the rules? (obfuscate your oinkcode)<br class=""><br class="">what version of snort are you trying to get rules for?<br class=""><br class="">--<br class=""> NOTE: No off-list assistance is given without prior approval.<br class="">       Please *keep mailing list traffic on the list* unless<br class="">       private contact is specifically requested and granted.<br class=""><br class="">------------------------------------------------------------------------------<br class="">Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server<br class="">from Actuate! Instantly Supercharge Your Business Reports and Dashboards<br class="">with Interactivity, Sharing, Native Excel Exports, App Integration & more<br class="">Get technology previously reserved for billion-dollar corporations, FREE<br class=""><a href="http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk" class="">http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk</a><br class="">_______________________________________________<br class="">Snort-users mailing list<br class="">Snort-users@lists.sourceforge.net<br class="">Go to this URL to change user options or unsubscribe:<br class="">https://lists.sourceforge.net/lists/listinfo/snort-users<br class="">Snort-users list archive:<br class="">http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users<br class=""><br class="">Please visit http://blog.snort.org to stay current on all the latest Snort news!<br class=""><br class=""></blockquote><br class="">------------------------------------------------------------------------------<br class="">Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server<br class="">from Actuate! Instantly Supercharge Your Business Reports and Dashboards<br class="">with Interactivity, Sharing, Native Excel Exports, App Integration & more<br class="">Get technology previously reserved for billion-dollar corporations, FREE<br class=""><a href="http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk" class="">http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk</a><br class="">_______________________________________________<br class="">Snort-users mailing list<br class="">Snort-users@lists.sourceforge.net<br class="">Go to this URL to change user options or unsubscribe:<br class="">https://lists.sourceforge.net/lists/listinfo/snort-users<br class="">Snort-users list archive:<br class="">http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users<br class=""><br class="">Please visit http://blog.snort.org to stay current on all the latest Snort news!<br class=""></div></blockquote></div><br class=""></div></div></body></html>