Bug 11976

Summary: Suricata: if suricata is enabled pakfire cant install packets
Product: IPFire Reporter: Daniel Weismüller <whytea>
Component: ---Assignee: Stefan Schantl <stefan.schantl>
Status: CLOSED CANTFIX QA Contact:
Severity: - Unknown -    
Priority: - Unknown - CC: michael.tremer
Version: 2   
Hardware: unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 11801    

Description Daniel Weismüller 2019-01-23 15:19:04 UTC 
I tried to install tmux it went to ca. 97% and than the installation holds on and never finish.

Tried it severell times. 

After disabling suricata pakfire installed tmux without any problem.
Comment 1 Stefan Schantl 2019-01-29 13:00:14 UTC 
This happens because HTTP requrests will be hard transformed to HTTPS because of enforced HSTS by the pakfire server.

Suricata does not recognize this correctly or blocks it - I have to have a closer look on this.

So we need to adjust suricata or to modify the default proto for pakfire from HTTP to HTTPS ( "/opt/pakfire/lib/functions.pl" line 147 )
Comment 2 Michael Tremer 2019-01-29 13:16:30 UTC 
I do not understand what you are saying. HSTS headers are widely used. They should not cause problems.

Pakfire should only be using HTTPS by now.
Comment 3 Michael Tremer 2019-02-01 11:12:53 UTC 
I cannot reproduce this any more. So I suppose this was a bad rule.