Summary: | Suricata: if suricata is enabled pakfire cant install packets | ||
---|---|---|---|
Product: | IPFire | Reporter: | Daniel Weismüller <whytea> |
Component: | --- | Assignee: | Stefan Schantl <stefan.schantl> |
Status: | CLOSED CANTFIX | QA Contact: | |
Severity: | - Unknown - | ||
Priority: | - Unknown - | CC: | michael.tremer |
Version: | 2 | ||
Hardware: | unspecified | ||
OS: | Unspecified | ||
Bug Depends on: | |||
Bug Blocks: | 11801 |
Description
Daniel Weismüller
2019-01-23 15:19:04 UTC
This happens because HTTP requrests will be hard transformed to HTTPS because of enforced HSTS by the pakfire server. Suricata does not recognize this correctly or blocks it - I have to have a closer look on this. So we need to adjust suricata or to modify the default proto for pakfire from HTTP to HTTPS ( "/opt/pakfire/lib/functions.pl" line 147 ) I do not understand what you are saying. HSTS headers are widely used. They should not cause problems. Pakfire should only be using HTTPS by now. I cannot reproduce this any more. So I suppose this was a bad rule. |