Update Failed: Server 302 error when running update.



  • Hello all! I've been loving pfSense and Snort. It's helped me tremendously. Recently (since Oct 25) my updates have been failing. It appears to be an SSL error if I am interpreting the 302 error correctly. Unsure how to get around this? Any help is much appreciated.

    Log is in the spoiler below.

    Starting rules update...  Time: 2019-11-05 21:44:38
    	Downloading Snort Subscriber rules md5 file snortrules-snapshot-29141.tar.gz.md5...
    	Checking Snort Subscriber rules md5 file...
    	There is a new set of Snort Subscriber rules posted.
    	Downloading file 'snortrules-snapshot-29141.tar.gz'...
    	Snort Subscriber rules file download failed.  Server returned error 302.
    	The error text was: 302 Found
    	Snort Subscriber rules will not be updated.
    	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
    	Checking Snort OpenAppID detectors md5 file...
    	There is a new set of Snort OpenAppID detectors posted.
    	Downloading file 'snort-openappid.tar.gz'...
    	Snort OpenAppID detectors file download failed.  Server returned error 302.
    	The error text was: 302 Found
    	Snort OpenAppID detectors will not be updated.
    	Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5...
    	Checking Snort OpenAppID RULES detectors md5 file...
    	There is a new set of Snort OpenAppID RULES detectors posted.
    	Downloading file 'appid_rules.tar.gz'...
    	Done downloading rules file.
    	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
    	Checking Snort GPLv2 Community Rules md5 file...
    	There is a new set of Snort GPLv2 Community Rules posted.
    	Downloading file 'community-rules.tar.gz'...
    	Snort GPLv2 Community Rules file download failed.  Server returned error 302.
    	The error text was: 302 Found
    	Snort GPLv2 Community Rules will not be updated.
    	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    	Checking Emerging Threats Open rules md5 file...
    	Emerging Threats Open rules are up to date.
    	Extracting and installing Snort OpenAppID detectors...
    	Installation of Snort OpenAppID detectors completed.
    The Rules update has finished.  Time: 2019-11-05 21:47:47
    



  • Where are you located (what part of the world and country) and what other packages do you have installed?

    The Snort rules are provided by the Snort team and are hosted on AWS infrastructure. That infrastructure has tentacles all over the planet. It's possible the location nearest you is having issues, but more likely something is getting in the way on your end.

    Rules updates are working fine for me. Just was doing some experimenting on a virtual machine pfSense install and downloaded the current rules 3 times in less than an hour without issue. I am in the United States.

    Not trying to place blame on any one thing, but some IP lists used by folks in pfBlockerNG and/or DNSBL have caused Snort rules update issues as have installs of Squid and SquidGuard. These packages have sometimes misidentified AWS web space IP addresses as "hostile".

    Last thing, are you perhaps attempting to access over a VPN? That could cause issues.

    My research indicates that error 302 means "target resource temporarily resides under a different URI". That would point to maybe some kind of proxy issue on your end.



  • Located in the USA. I can tracert to amazonaws just fine from my WAN. I do not have Squid installed nor do I have a proxy set up.

    I do have OpenVPN set up, but I assumed Snort would use my WAN interface to update. Is that not the case? What I can't figure out is why some rules update just fine but others don't.

    Again, to be clear, I do not use a proxy. I can download the rules manually from my Windows PC just fine.



  • @User5509 said in Update Failed: Server 302 error when running update.:

    Located in the USA. I can tracert to amazonaws just fine from my WAN. I do not have Squid installed nor do I have a proxy set up.

    I do have OpenVPN set up, but I assumed Snort would use my WAN interface to update. Is that not the case? What I can't figure out is why some rules update just fine but others don't.

    Again, to be clear, I do not use a proxy. I can download the rules manually from my Windows PC just fine.

    If you are using a VPN, then check and see if you have the "Don't Pull Routes" option enabled. If not, your firewall will accept routing offers from the VPN provider. In almost every case that will result in your default route being changed to the VPN provider's gateway instead of your normal WAN gateway.

    So check that box and configure it so that your firewall does not pull routes from your VPN provider. I suspect that is the problem. It can't be a bug within the Snort package because then it would work for nobody. So it must be something unique on your system.

    For the record, I am a big anti-VPN guy who thinks they serve no purpose other than extending a business network to multiple remote locations or providing secure remote access back into a secure network. Using a VPN for "secrecy" and "anonymity" generally leads to nothing but trouble with other services. But to each his own.



  • I checked my OpenVPN settings and "Don't Pull Routes" is already checked. I ran the update again and got the following:

    Starting rules update...  Time: 2019-11-06 07:39:30
    	Downloading Snort Subscriber rules md5 file snortrules-snapshot-29141.tar.gz.md5...
    	Checking Snort Subscriber rules md5 file...
    	There is a new set of Snort Subscriber rules posted.
    	Downloading file 'snortrules-snapshot-29141.tar.gz'...
    	Snort Subscriber rules file download failed.  Server returned error 302.
    	The error text was: 302 Found
    	Snort Subscriber rules will not be updated.
    	Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
    	Checking Snort OpenAppID detectors md5 file...
    	There is a new set of Snort OpenAppID detectors posted.
    	Downloading file 'snort-openappid.tar.gz'...
    	Snort OpenAppID detectors file download failed.  Server returned error 302.
    	The error text was: 302 Found
    	Snort OpenAppID detectors will not be updated.
    	Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5...
    	Checking Snort OpenAppID RULES detectors md5 file...
    	There is a new set of Snort OpenAppID RULES detectors posted.
    	Downloading file 'appid_rules.tar.gz'...
    	Done downloading rules file.
    	Downloading Snort GPLv2 Community Rules md5 file community-rules.tar.gz.md5...
    	Checking Snort GPLv2 Community Rules md5 file...
    	There is a new set of Snort GPLv2 Community Rules posted.
    	Downloading file 'community-rules.tar.gz'...
    	Snort GPLv2 Community Rules file download failed.  Server returned error 302.
    	The error text was: 302 Found
    	Snort GPLv2 Community Rules will not be updated.
    	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    	Checking Emerging Threats Open rules md5 file...
    	Emerging Threats Open rules are up to date.
    	Extracting and installing Snort OpenAppID detectors...
    	Installation of Snort OpenAppID detectors completed.
    The Rules update has finished.  Time: 2019-11-06 07:42:41
    



  • Here is my update log showing a successful download yesterday --

    Starting rules update...  Time: 2019-11-05 13:30:00
    	Downloading Snort Subscriber rules md5 file snortrules-snapshot-29141.tar.gz.md5...
    	Checking Snort Subscriber rules md5 file...
    	There is a new set of Snort Subscriber rules posted.
    	Downloading file 'snortrules-snapshot-29141.tar.gz'...
    	Done downloading rules file.
    	Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    	Checking Emerging Threats Open rules md5 file...
    	Emerging Threats Open rules are up to date.
    	Extracting and installing Snort Subscriber Ruleset...
    	Using Snort Subscriber precompiled SO rules for FreeBSD-11 ...
    	Installation of Snort Subscriber rules completed.
    	Copying new config and map files...
    	Updating rules configuration for: WAN ...
    	Updating rules configuration for: DMZ ...
    	Updating rules configuration for: LAN ...
    	Restarting Snort to activate the new set of rules...
    	Snort has restarted with your new set of rules.
    The Rules update has finished.  Time: 2019-11-05 13:30:56
    

    No "server returned 302" error anywhere. I don't know what, but something is wrong with your setup or your traffic is being changed someplace.



  • I have continued to research your error, but have not found what the exact cause might be. The firewall uses curl within PHP to connect to the rules host and download updates. When compared to modern browsers, curl is more limited in terms of the way it handles redirects. The PHP code in the Snort package configures the curl agent to accept and follow redirects, but it may not follow them in the same manner as, say, a modern version of Chrome or Firefox. The browsers have more redirect options.

    Maybe the particular AWS host you are hitting from your IP is different from the one I hit although we are both in the US. That error usually means the destination host is attempting to redirect the client to a different URI than the one the client initially submitted. However, it's possible the error is not a true indicator of the root problem.

    Not sure what else I can do since I am unable to reproduce the problem. I've had no issues at all downloading the updates. As I mentioned previously, last night I was installing Snort fresh on virtual machines while testing an upcoming package update. I downloaded the Snort Subscriber and Community GPLv2 rules archives several times in a row successfully from within those install sessions.
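
Added example, not part of any post in this thread and not code from the Snort package: a small parser for the update log format shown in the posts above. It reports the outcome for each rule set and flags downloads that ended on a 3xx response, which leaves that rule set stale. The function names are assumptions made for this example; the sample is an excerpt of the log posted in the thread.

```python
import re

# Added example; names are illustrative. Sample: excerpt of the log posted in this thread.
SAMPLE_LOG = """\
Starting rules update...  Time: 2019-11-05 21:44:38
    Downloading Snort Subscriber rules md5 file snortrules-snapshot-29141.tar.gz.md5...
    Checking Snort Subscriber rules md5 file...
    There is a new set of Snort Subscriber rules posted.
    Downloading file 'snortrules-snapshot-29141.tar.gz'...
    Snort Subscriber rules file download failed.  Server returned error 302.
    The error text was: 302 Found
    Snort Subscriber rules will not be updated.
    Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5...
    Checking Snort OpenAppID RULES detectors md5 file...
    There is a new set of Snort OpenAppID RULES detectors posted.
    Downloading file 'appid_rules.tar.gz'...
    Done downloading rules file.
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Checking Emerging Threats Open rules md5 file...
    Emerging Threats Open rules are up to date.
"""

MD5_RE = re.compile(r"^Downloading (.+?) md5 file \S+\.\.\.$")
FAIL_RE = re.compile(r"file download failed\.\s+Server returned error (\d{3})\.")

def parse_update_log(text):
    """Return {rule set name: (status, http_code or None)} in log order."""
    results, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if (m := MD5_RE.match(line)):      # the md5 fetch opens each rule set's section
            current = m.group(1)
            results[current] = ("unknown", None)
        elif current is None:              # header lines before the first section
            continue
        elif (f := FAIL_RE.search(line)):
            results[current] = ("failed", int(f.group(1)))
        elif line == "Done downloading rules file.":
            results[current] = ("downloaded", None)
        elif line.endswith("are up to date."):
            results[current] = ("up_to_date", None)
    return results

def unfollowed_redirects(results):
    """Rule sets whose download ended on a 3xx status instead of the file."""
    return [n for n, (s, code) in results.items() if s == "failed" and 300 <= code < 400]

if __name__ == "__main__":
    for name, (status, code) in parse_update_log(SAMPLE_LOG).items():
        print(f"{name:35} {status:11} {code or ''}")
```

Run against a full update log, a non-empty result from `unfollowed_redirects` means those rule sets were not refreshed in that run, even though the log still ends with "The Rules update has finished."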

