Regarding PHP Errors



  • Hi,
    Have couple of live installs for PFSense had been working great. But have found this specific issue with current fresh install 2.0.1. Have been seeing php errors in simply all installs. Squid, Squidguard, HAVP, AutoconfigBackup. But at the same time was able to install Backup and Darkstat without any problems. Kindly help. Error Snapshot attached below.

    ![error snapshot.JPG](/public/imported_attachments/1/error snapshot.JPG)
    ![error snapshot.JPG_thumb](/public/imported_attachments/1/error snapshot.JPG_thumb)



  • Something upstream of the firewall keeping it from being able to download certain things? That means it failed to fetch those files, and they're definitely there and the install works fine.



  • I Thought so I have a hardware Firewall and IPS. Did Bypass both but still not able to install the packages any suggestions or logs where I can find the exact issue. Tried system.log but not of much help.



  • Check the upstream firewall and IPS, it has to be blocking downloads. Nothing in the pfsense logs will tell you exactly what it's failing to download. You could do a packet capture on WAN and see the specific things that are failing that way.



  • Great Thnx will chk and get back



  • Got a suggestion on this can I use a USB 3G Data Card and get the packages installed and then disconnect the same. Got a tight schedule working on this though I have sent the issue for the network team to troubleshoot.
    If yes how to use the same.



  • If you have a supported card, yes. Check the 3G category at doc.pfsense.org



  • That one was a toughie especially with all the log monitoring got this resolved. This signature is vulnerable and blocking the package installation.
    HTTP_PHP_Transfer_XSS this is a medium level Vulnerability. Kindly try to find a solution and get this fixed please have got this bypassed though temporarily for me and got this resolved.
    Thanx for the support.



  • That one is described as: "This signature detects a PHP script as content to an HTTP response"

    Yes, it is, there is no other possible way to download and install the package data. Nothing we can do to fix your broken signatures.


Locked