Ids.cgi Customize Ruleset freezes

Hello,
I just noticed that “Customize Ruleset” function from Intrusion Prevention System is freezing when I activate more than one Ruleset source.

Is this a known bug that is waiting for a fix?

Here are the sources I activated:

Talos VRT rules with subscription
Emergingthreats.net Community Rules
Abuse.ch SSLBL Blacklist Rules
Snort/VRT GPLv2 Community Rules
Etnetera Aggressive Blacklist Rules

No and I couldn’t reproduce it.

I took my CU187 vm machine running with no problems with Emerging threats and Abuse.ch already added.

I could open the customise window and change things.

I then added Etnetera, Snort Community and Talos VRT Registered and tested out the customise window at each addition step and I could access and change rules at each addition.

I can’t test Talos VRT Subscription as I don’t use that but the registered should be fairly similar.

If the problem is due to the VRT Subscription rules then the problem should occur with only that ruleset selected.

When the screen freezes it might be worth looking at whether there is any info in the /var/log/httpd/error_log file.

2 Likes

The behavior happens only on MS Edge Browser and Windows 10
I powered up my Linux Mate and Firefox from there does not freeze on that page.
Then I went back on Windows 10 and installed Firefox and the browser no longer freezes.

It seems that Edge has an issue with that code while Firefox works fine.
All good.

1 Like

When edge freezes on the IPS page can you show what is in the /var/log/httpd/error_log file related to the ids.cgi page.

It would be good to see if we can figure out what is causing a problem for Edge to see if it is possible to fix for Edge users.

1 Like

I did two tests, after adding the following providers, I clicked Customize ruleset

test1
IPFire 2.29 (x86_64) - Core-Update 189 Development Build: master/84b04cb6

obraz

Windows10 Pro 22H2 19045.4894
Microsoft Edge Version 129.0.2792.52

After clicking Customize ruleset, the page opens without errors.

test2
IPFire 2.29 (x86_64) - Core-Update 186 on Virtualbox

obraz

Windows 10 Pro 22H2 19045.4894
Microsoft Edge Version 129.0.2792.52

After clicking Customize ruleset, the page opens without errors.

Regards

1 Like

Hello,
No lines are appended to /var/log/httpd/error_log while MS Edge freezes on ids.cgi

Then the freezing is not due to a syntactical error in ids.cgi.

Are there any messages in the Windows or MS Edge logs to show what it had a problem with. Maybe MS Edge expects non-standard html commands or something.

I don’t have any Windows systems at all so cannot try and reproduce it to be able to fault find on it.

I do not know where Edge keeps its logs - I had a brief look inside Event Viewer for an entry for Edge but there is none…
All I can provide is this message - it appears after I scroll the (quite big) list of elements to be displayed (to be edited)

I know is not that much, but that is all I have now…

Late edit: while I have typed this post the page unfreeze - now the scroll works ok (I scrolled up to the top and down to the bottom again)

Weird…

Definitely weird.

black-x86-64.go.ro is no where in the IPFire code.

I also did a search for it and found nothing at all. Adding edge to the search just found lots of pages about installing edge and nothing even similar to black-x86-64.go.ro

Oh well, we have tried the best we can.

:crossed_fingers: that it stays working for you.

Maybe this is completely unrelated, but in Firefox the LastPass plugin will often slow the IDS ruleset page to a crawl. I get notifications from Firefox asking if I want to disable LastPass when this occurs. Another browser with Bitwarden does not have this issue. And yes, disabling LastPass does speed up that page in FF. I attributed it to a bug in LP and just work around it when it crops up.