pfBlockerNG update errors

dennypage

Following the update to 23.01-RC and pfBlockerNG-devel, I am receiving a daily flurry of errors such as these in the system log:

Feb  6 12:30:52 fw php-cgi[82398]: rc.update_urltables: /etc/rc.update_urltables: ERROR: could not update pfB_Africa_v4 content from https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_Africa_v4 <br />[ SC, SC_rep ]
Feb  6 12:30:52 fw php-cgi[82398]: rc.update_urltables: /etc/rc.update_urltables: ERROR: could not update pfB_Asia_v4 content from https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_Asia_v4 <br />[ KH, KH_rep, CN, CN_rep, IR, IR_rep, IQ, IQ_rep, KZ, KZ_rep, KP, KP_rep, PK, PK_rep, SY, <br />SY_rep, TR, TR_rep, VN, VN_rep ]
Feb  6 12:30:52 fw php-cgi[82398]: rc.update_urltables: /etc/rc.update_urltables: ERROR: could not update pfB_Europe_v4 content from https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_Europe_v4 <br />[ BY, BY_rep, BA, BA_rep, BG, BG_rep, HR, HR_rep, CZ, CZ_rep, EE, EE_rep, HU, HU_rep, XK, <br />XK_rep, LV, LV_rep, LT, LT_rep, MD, MD_rep, ME, ME_rep, MK, MK_rep, RU, RU_rep, RS, RS_rep, <br />SK, SK_rep, SI, SI_rep, UA, UA_rep ]
Feb  6 12:30:52 fw php-cgi[82398]: rc.update_urltables: /etc/rc.update_urltables: ERROR: could not update pfB_NAmerica_v4 content from https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_NAmerica_v4 <br />[ PA, PA_rep ]
Feb  6 12:30:52 fw php-cgi[82398]: rc.update_urltables: /etc/rc.update_urltables: ERROR: could not update pfB_SAmerica_v4 content from https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_SAmerica_v4 <br />[ BO, BO_rep, CL, CL_rep, CO, CO_rep, UY, UY_rep ]
Feb  6 12:30:52 fw php-cgi[82398]: rc.update_urltables: /etc/rc.update_urltables: ERROR: could not update pfB_PRI1_v4 content from https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_PRI1_v4 <br />[ Abuse_Feodo_C2_v4, Abuse_SSLBL_v4, CINS_army_v4, ET_Block_v4, ET_Comp_v4, ISC_Block_v4, Spamhaus_Drop_v4, Spamhaus_eDrop_v4, Talos_BL_v4 ]
Feb  6 12:30:52 fw php-cgi[82398]: rc.update_urltables: /etc/rc.update_urltables: ERROR: could not update pfB_PRI2_v4 content from https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_PRI2_v4 <br />[ Alienvault_v4 ]

The failure is occurring in function process_alias_urltable (line 2718 of /etc/inc/pfsense-utils.inc) as a result of the call to filter_var($url, FILTER_VALIDATE_URL) function returning false.

I am not at all sure, but am wondering if the issue may be that the URL being validated is not escaped:

https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_PRI1_v4 <br />[ Abuse_Feodo_C2_v4, Abuse_SSLBL_v4, CINS_army_v4, ET_Block_v4, ET_Comp_v4, ISC_Block_v4, Spamhaus_Drop_v4, Spamhaus_eDrop_v4, Talos_BL_v4 ]

Whereas the URL pfBlocker has stored in the configuration has escaped the less-than and greater-than surrounding the break:

https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_PRI1_v4 <br />[ Abuse_Feodo_C2_v4, Abuse_SSLBL_v4, CINS_army_v4, ET_Block_v4, ET_Comp_v4, ISC_Block_v4, Spamhaus_Drop_v4, Spamhaus_eDrop_v4, Talos_BL_v4 ]

dennypage

@dennypage It turns out that my speculation about the escaping of less-than and greater than was incorrect.

The problem is the presence of a space in the URL.

The following will validate:

https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_PRI1_v4 <br />[ Abuse_Feodo_C2_v4, 
Abuse_SSLBL_v4, CINS_army_v4, ET_Block_v4, ET_Comp_v4, ISC_Block_v4, Spamhaus_Drop_v4, Spamhaus_eDrop_v4, Tal
os_BL_v4 ]

As will this:

https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_PRI1_v4

For that matter, so will this:

https://127.0.0.1:443/nonexistenturl?nooption

I don't know if this is an issue for pfSense or pfBlockerNG.

@BBcan177 ?

p1erre

@dennypage same issue on my site

mrsunfire

Same here

cmcdonald

Issue is being addressed with @BBcan177 . Stay tuned

rpotter28

@cmcdonald Just got here to report this... Thanks Christian for being active on it!