Occurs in at least Core Update 84 and 85. When setting up Snort, and choosing 'Sourcefire VRT rules for registered users', the following error comes up. This is with a valid oinkcode which I've replaced below with xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.: ====================================================================== --2014-10-25 21:50:26-- http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxx... Resolving www.snort.org (www.snort.org)... 50.19.124.119, 54.225.152.149, 54.243.242.66 Connecting to www.snort.org (www.snort.org)|50.19.124.119|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxx... [following] --2014-10-25 21:50:26-- https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxx... Connecting to www.snort.org (www.snort.org)|50.19.124.119|:443... connected. WARNING: cannot verify www.snort.org's certificate, issued by '/C=US/O=Thawte, Inc./CN=Thawte SSL CA': Self-signed certificate encountered. HTTP request sent, awaiting response... 422 Unprocessable Entity 2014-10-25 21:50:26 ERROR 422: Unprocessable Entity. ======================================================================
Visiting the URL's individually (with the oinkcode) results in the error message: ["File not found by name 'snortrules-snapshot-2960.tar.gz'"] These entries appear to be hard coded on line 265 of ids.cgi (/srv/web/ipfire/cgi-bin/ids.cgi)
Updating with "Snort/VRT GPLv2 Community Rules" and "Emergingtrheats.net Community Rules" appear to work (I was not able to test the "Subscription" set since I do not have a subscription.
Rod