Snort OpenAppID RULES - Server returned error code 0



  • I've been unable to download the OpenAppID RULES for about 6 weeks due to the following error code - Server returned error code 0. All of the other rules update every day.

    I've also deleted the Snort package and re-installed it and restored pfSense to a versus where Snort had previously updated all rules.



  • @EWBtCiaST:

    I've been unable to download the OpenAppID RULES for about 6 weeks due to the following error code - Server returned error code 0. All of the other rules update every day.

    I've also deleted the Snort package and re-installed it and restored pfSense to a versus where Snort had previously updated all rules.

    Read the warning notice on the screen where you select the download of the OpenAppID rules.  They are currently maintained by a volunteer contributor and are hosted on a University web site in Brazil.  That University uses geo-blocking software to protect their web assets.  Thus some countries and IP blocks will find themselves blocked by that system.

    That may well be the case for you.  I hear some work is going going to maybe get these volunteer rules hosted elsewhere.  If that happens, the geo-blocking issue should go away.

    Bill



  • Bill,

    Thanks for the reply. I don't think that's the problem as I'm in the U.S. and I was just able to download the rules using a test virtual machine with the same public IP as the one that doesn't work.



  • @EWBtCiaST:

    Bill,

    Thanks for the reply. I don't think that's the problem as I'm in the U.S. and I was just able to download the rules using a test virtual machine with the same public IP as the one that doesn't work.

    Are you running any other blocking packages?  pfBlockerNG, for example.  Some of the IP lists there have blocked access to rules downloads for folks using them.  Do you have a proxy of some sort in use?

    The download process is just a simple call to the curl() functions in PHP with the rules URL.  The exact same code is used for all the rules downloads, so if one works that means the underlying code is good.  Otherwise, no downloads would work.

    Bill


Log in to reply