11976 – Suricata: if suricata is enabled pakfire cant install packets

Bug 11976 - Suricata: if suricata is enabled pakfire cant install packets

Summary: Suricata: if suricata is enabled pakfire cant install packets

Status:	CLOSED CANTFIX

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	unspecified Unspecified

Importance:	- Unknown - - Unknown -
Assignee:	Stefan Schantl
QA Contact:

URL:
Keywords:

Depends on:
Blocks:	SURICATA
	Show dependency tree / graph

Reported:	2019-01-23 15:19 UTC by Daniel WeismÃ¼ller
Modified:	2019-02-01 11:13 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel WeismÃ¼ller 2019-01-23 15:19:04 UTC

I tried to install tmux it went to ca. 97% and than the installation holds on and never finish.

Tried it severell times. 

After disabling suricata pakfire installed tmux without any problem.

Comment 1 Stefan Schantl 2019-01-29 13:00:14 UTC

This happens because HTTP requrests will be hard transformed to HTTPS because of enforced HSTS by the pakfire server.

Suricata does not recognize this correctly or blocks it - I have to have a closer look on this.

So we need to adjust suricata or to modify the default proto for pakfire from HTTP to HTTPS ( "/opt/pakfire/lib/functions.pl" line 147 )

Comment 2 Michael Tremer 2019-01-29 13:16:30 UTC

I do not understand what you are saying. HSTS headers are widely used. They should not cause problems.

Pakfire should only be using HTTPS by now.

Comment 3 Michael Tremer 2019-02-01 11:12:53 UTC

I cannot reproduce this any more. So I suppose this was a bad rule.