Netgate Discussion Forum

502 Bad Gateway when selecting Suricata IDS / Interface LAN - Categories / LAN Rules

  • J
    JGdgZPQatDDjpA
    last edited by Jun 22, 2021, 5:29 PM

    502 Bad Gateway when selecting Suricata IDS / Interface LAN - Categories / LAN Rules

    Looking for solution or a noob guide on how to troubleshoot this issue.

    • B
      bmeeks
      last edited by Jun 22, 2021, 8:27 PM

      Need a little more info to clarify what you are doing for me.

      1. So you go to Suricata under SERVICES in the pfSense menu.

      2. Then on the INTERFACES tab that opens you click the icon to edit a Suricata interface (you can also just double-click on the row to edit).

      3. Then you click the CATEGORIES tab. Is that when you get the Gateway error, or are you clicking something else on the tab?

      • J
        JGdgZPQatDDjpA @bmeeks
        last edited by Jun 24, 2021, 11:15 PM

        @bmeeks

        #1 and #2 are correct.

        #3 I am selecting <interface> Rules. Get 502

        In the system log I have a nginx entry which has the following Message...

        2021/06/24 18:09:21 [error] 85337#100126: *1 upstream prematurely closed connection while reading response header from upstream, client: x.x.x.x, server: , request: "GET /suricata/suricata_rules.php?id=0 HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket:", host: "XXXXXXXX", referrer: "https://XXXXXXXX/suricata/suricata_rulesets.php?id=0"

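The nginx entry quoted in the post above is what a 502 looks like on the server side: the FastCGI upstream (php-fpm) closed the connection before returning a response header. As an added example that is not part of the original posts, this shell function counts such entries per page so a repeatable crash on one script stands out; the first sample line is the one from the post, the other three are constructed, and the names `sample_log`, `crashed_pages` and `/example_page.php` are hypothetical.

```shell
#!/bin/sh
# Added example: triage nginx error-log entries for FastCGI upstreams that died mid-request.

# Sample input. Line 1 is the entry quoted in the post; lines 2-4 are constructed.
sample_log() {
cat <<'EOF'
2021/06/24 18:09:21 [error] 85337#100126: *1 upstream prematurely closed connection while reading response header from upstream, client: x.x.x.x, server: , request: "GET /suricata/suricata_rules.php?id=0 HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket:", host: "XXXXXXXX", referrer: "https://XXXXXXXX/suricata/suricata_rulesets.php?id=0"
2021/06/24 18:09:40 [error] 85337#100126: *4 upstream prematurely closed connection while reading response header from upstream, client: x.x.x.x, server: , request: "GET /suricata/suricata_rules.php?id=1 HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket:", host: "XXXXXXXX"
2021/06/24 18:10:02 [error] 85337#100126: *7 upstream timed out (60: Operation timed out) while reading response header from upstream, client: x.x.x.x, server: , request: "GET /example_page.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket:", host: "XXXXXXXX"
2021/06/24 18:11:15 [error] 85337#100126: *9 open() "/usr/local/www/favicon.ico" failed (2: No such file or directory), client: x.x.x.x, server: , request: "GET /favicon.ico HTTP/2.0", host: "XXXXXXXX"
EOF
}

# Print "<count> <script path>" for every request whose FastCGI upstream
# closed the connection before sending a response header (the 502 case).
# Reads the files given as arguments, or stdin when there are none.
crashed_pages() {
  awk '
    /upstream prematurely closed connection/ && /upstream: "fastcgi:/ {
      # Isolate the request line between request: " and the next quote.
      i = index($0, "request: \"")
      if (i == 0) next
      req = substr($0, i + 10)
      req = substr(req, 1, index(req, "\"") - 1)
      n = split(req, part, " ")          # METHOD URI PROTOCOL
      if (n < 2) next
      uri = part[2]
      q = index(uri, "?")                # drop the query string so id=0 and id=1 group together
      if (q > 0) uri = substr(uri, 1, q - 1)
      count[uri]++
    }
    END { for (u in count) printf "%d %s\n", count[u], u }
  ' "$@" | sort -rn
}

sample_log | crashed_pages
```

Timeouts and static-file errors are deliberately ignored, so only pages where the PHP worker went away are listed.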
        • B
          bmeeks
          last edited by Jun 24, 2021, 11:35 PM

          What kind of hardware do you have? Is it possibly a Netgate SG-3100 or SG-1000? If so, there is a known issue with PHP crashing on that CPU platform when certain PERL regex functions are called. Those functions are called by the Suricata GUI code that builds the web page when you click the RULES tab.

          If that is your problem, there is a patch you can apply to pfSense to work around the issue. This forum post has the details for installing the patch: https://forum.netgate.com/topic/161050/snort-won-t-start-after-upgrade-to-21-02-on-sg-3100/24.

          • J
            JGdgZPQatDDjpA @bmeeks
            last edited by Jun 24, 2021, 11:47 PM

            @bmeeks said in 502 Bad Gateway when selecting Suricata IDS / Interface LAN - Categories / LAN Rules:

            SG-3100

            Yep a SG-3100

            • B
              bmeeks @JGdgZPQatDDjpA
              last edited by bmeeks Jun 24, 2021, 11:50 PM

              @jgdgzpqatddjpa said in 502 Bad Gateway when selecting Suricata IDS / Interface LAN - Categories / LAN Rules:

              @bmeeks said in 502 Bad Gateway when selecting Suricata IDS / Interface LAN - Categories / LAN Rules:

              SG-3100

              Yep a SG-3100

              Follow the instructions in that post I linked. First install the System Patches package, and then that PHP patch (using the System Patches package).

              Be sure to either reboot the firewall, or restart php-fpm after applying the patch. That should fix it for you. This patch is included in the upcoming releases of pfSense and pfSense+.

              • J
                JGdgZPQatDDjpA @bmeeks
                last edited by Jun 25, 2021, 12:07 AM

                @bmeeks

                In process...

                Darn thing gave me the 3 endless flashing blue lights

                Hard rebooted it. Yes, not a good idea, but it's back up

                and.... The patch fixed the issue.

                Thank you!!!

                • B
                  bmeeks @JGdgZPQatDDjpA
                  last edited by Jun 25, 2021, 1:05 AM

                  @jgdgzpqatddjpa said in 502 Bad Gateway when selecting Suricata IDS / Interface LAN - Categories / LAN Rules:

                  @bmeeks

                  In process...

                  Darn thing gave me the 3 endless flashing blue lights

                  Hard rebooted it. Yes, not a good idea, but it's back up

                  and.... The patch fixed the issue.

                  Thank you!!!

                  Yeah, my experience with the SG-3100 is that it takes a LONG time to boot, and every now and then, you need to hard cycle the power (after waiting a very long time).
