pfBlockerNG-devel v3.1.0_1 - Not able to download Talos Feeds
-
I just upgraded to pfSense version 2.6.0-RELEASE and when I went to update my feeds, I noticed that I get a 403 Forbidden error. I have seen this come up a few times in the forum, once for the curl agent and the other issue was because the user was not using the devel version. He was instructed to do that as the error or issue had already been addressed. Please see my screenshot. Thanks
-
-
The Talos_BLlist
https://talosintelligence.com/documents/ip-blacklist
redirects to
https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/013/074/original/ip_filter.blf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAU7AK5ITMGOEV4EFM%2F20220301%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220301T120615Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=b8e9271d7186545c7c3c2c4fed0a8124033fd1e6cf618b1b232be010bafbb074
So maybe you're blocking amazonaws.com...?
-
@provels Nah, don't think he actually is blocked by Amazon but we had multiple occurences of such things with lists hosted via AWS. Mostly the seem to intercept or tamper with downloads that have a "bot-like" useragent like e.g. curl.
I have multiple devices running with different WAN lines and all of them seem to have trouble currently with that one blocklist for the last few days. Today they seem fine again, so pretty sure that is AWS tinkering with botfiltering again.
Or it's the old Talos feed that now throws a 1020 error with cloudflare: https://www.talosintelligence.com/feeds/ip-filter.blf
Then the fix is easy :) -
I was seeing this too but now it's downloading it again.