Cannot download Talos rulesets

Hello to all,

When I want to download the Talos registered rules for the IPS, it returns with "can not download rules". I tried to go to the Snort website but Cloudflare stopped me. I checked the Snort website without IPFire and I was able to open the website. I should mention that there are no firewall rules in IPFire. Help me to solve this issue.

Any help?

Hi @rezafathi.

Maybe this helps you:

I can’t help you anymore since I don’t use that database. Try this and if it doesn’t solve anything, tell us.

Someone can help you more for sure.

Greetings.

Hi @roberto ,

Let me explain this. I installed IPFire (without any configuration) and tried to open the Snort website to check, but it did not open (Cloudflare 1020 error). Then I removed IPFire from my network and I was able to open the Snort and Talos websites. I think there is something wrong in IPFire which would not let me open the Snort website and also download the Talos rulesets.

Cloudflare 1200 error?

You get that error when accessing all websites or just specific ones?

Please provide more details.

Only the Snort website. I’ve checked the IPS and firewall logs but nothing is blocking the Snort and Talos websites. I can open the Snort website without IPFire.

Hi @rezafathi

That problem is related to violating a firewall rule of Snort set by Talos.

Talos also provides ClamAV, and the ClamAV signatures are provided through Cloudflare as well. If the Freshclam signature downloader accesses the site too often, then your IP gets blocked. I have seen that reported on the ClamAV mailing list.

Talos, Snort and ClamAV are all owned by Cisco.

Here is a link to the Cloudflare FAQ about this error: https://community.cloudflare.com/t/community-tip-fixing-error-1020-access-denied/66439. They just communicate the fact that an error has occurred to you.

Looks like you probably need to contact Snort to find out what the reason for the violation was and to get removed from their block list. That was how it worked with the ClamAV cases that I saw.
The reason you can access the site without IPFire is that the details of the machine making the connection are different.

@rezafathi … you could also try one of the other IPS rulesets. I use “emergingthreats”, which works well for me.

2 Likes