Feed Update Issue -- Talos
-
One point for @NogBadTheBad : you just discovered that a browser is probably somewhat smarter as the 'wget' or 'curl' used by 'pfBlockerNG'.
-
It's exactly the same for me.
I provisionally changed the url to Amazon hosted and it seems to work.
https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/066/901/original/ip_filter.blf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20190502%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190502T162159Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=3e1120e4e5e9b3d2b5e516f03adcfa299a9ef616c0aa859424a12d8d41c5d2d7
[ Spamhaus_Drop_v4 ] exists. [ Spamhaus_eDrop_v4 ] exists. [ Talos_BL_v4 ] Downloading update .. 200 OK. completed ..I took note of the previous url in case it works again.
https://www.talosintelligence.com/feeds/ip-filter.blf
Greetings.
-
@linuxmanr4 Your link doesn't seem to work anymore. I believe the extended information has caused it to expire. Same with me. Things are munged server-side.
-
That's right @provels , it worked for a while and then it did the same thing again.
I am going to report this problem to pfBlockerNG.
-
@linuxmanr4
There is an "Expires=3600" in the redirect URL
-
https://twitter.com/BBcan177/status/1124471820940468224
-
The user agent curlopt was resulting in a 403 from Cloudflare, seems they didn't like Google Chrome 43 circa 2015.
I changed my user agent to plain old 'curl' and everything is working again.
edit /usr/local/pkg/pfblockerng/pfblockerng.inc line 118:
from:$pfb['curl_defaults'] = array( CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 Chrome/43.0.2357.65 Safari/537.36',to:
$pfb['curl_defaults'] = array( CURLOPT_USERAGENT => 'curl',edit /usr/local/pkg/pfblocker/pfblockerng_install.inc line 59:
from:curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 Chrome/43.0.2357.65 Safari/537.36');to:
curl_setopt($ch, CURLOPT_USERAGENT, 'curl');-neo
P.s. @BBcan177 if you're going to fix this, while you're in there can you replace 1.1.1.1 with the RFC 5737 compliant 192.0.2.0 so we can use Cloudflare DNS w/o having to edit pfblockerng.inc and pfblockerng.sh please? :) (don't forget about the regex on pfblockerng.sh line 992)
Edit: BTW, not sure what's going on with caching, but restart php-fam didn't cause an update, I had to delete the /usr/local/pkg/pfblockerng/.pfblockerng.* files and then restart php-fam for the change to activate.
Edit2: diff for 2.1.4_17, fixes cloudflare DNS and Talos blacklists. pfblockerng_2.1.4_17.diff
- scp/sftp the diff file to /usr/local/pkg/pfblockerng
- run the following command from a shell:
cd /usr/local/pkg/pfblockerng ; patch -p0 < pfblockerng_2.1.4_17.diff -
This worked for me, Thanks!
[ Talos_BL_v4 ] Downloading update .. 200 OK. completed ..
@neoaeon said in Feed Update Issue -- Talos:
edit /usr/local/pkg/pfblockerng/pfblockerng.inc line 118:
from:
$pfb['curl_defaults'] = array( CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 Chrome/43.0.2357.65 Safari/537.36',to:
$pfb['curl_defaults'] = array( CURLOPT_USERAGENT => 'curl',edit /usr/local/pkg/pfblocker/pfblockerng_install.inc line 59:
from:
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 Chrome/43.0.2357.65 Safari/537.36');to:
curl_setopt($ch, CURLOPT_USERAGENT, 'curl'); -
Thanks @neoaeon, after modifying the files the problem has been solved.
-
The feed now download without any modification to User agent.
-
@RonpfS said in Feed Update Issue -- Talos:
The feed now download without any modification to User agent.
Thanks for the update!
-
Looks like this feed is borked again. Worked fine for a while. Redid the useragent mods to fix.
-
@provels updating useragent fixed this again for me
-
Zombie thread resurrection as this issue is back due to a regression.
Link to new thread: https://forum.netgate.com/topic/161817/pfblockerng-2-1x-fix-for-talos-feed-and-cloudflare-1-1-1-1-dns
