Messages - akong77

#1
General Discussion / Use letsencrypt got this error.
December 10, 2020, 02:30:29 AM
Hello,
I want to use Let's Encrypt to generate my web SSL key. I made sure the DNS setup is done and the domain can be resolved. But when I click generate key, I get an error message.

Quote
[Thu Dec 10 08:55:30 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9193634542/k7kq1Q'
[Thu Dec 10 08:55:30 CST 2020] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Dec 10 08:55:31 CST 2020] _ret='0'
[Thu Dec 10 08:55:31 CST 2020] code='200'
[Thu Dec 10 08:55:31 CST 2020] domain:Verify error:DNS problem: SERVFAIL looking up A for domain - the domain's nameservers may be malfunctioning
[Thu Dec 10 08:55:31 CST 2020] pid
[Thu Dec 10 08:55:31 CST 2020] No need to restore nginx, skip.
[Thu Dec 10 08:55:31 CST 2020] _clearupdns
[Thu Dec 10 08:55:31 CST 2020] dns_entries
[Thu Dec 10 08:55:31 CST 2020] skip dns.
[Thu Dec 10 08:55:31 CST 2020] _on_issue_err
[Thu Dec 10 08:55:31 CST 2020] Please check log file for more details: /var/log/acme.sh.log
[Thu Dec 10 08:55:31 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9193634542/k7kq1Q'
[Thu Dec 10 08:55:31 CST 2020] payload='{}'
[Thu Dec 10 08:55:31 CST 2020] POST
[Thu Dec 10 08:55:31 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9193634542/k7kq1Q'
[Thu Dec 10 08:55:31 CST 2020] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Dec 10 08:55:32 CST 2020] _ret='0'
[Thu Dec 10 08:55:32 CST 2020] code='400'
What's this problem?
#2
Hello,
I know how to set up the web proxy filter for HTTP. What if I want it for HTTPS, with port 80 forwarded to port 443? How do I do it?
#3
Hello,
I hope it can generate the key on the web and export the user config file. It will be easy to use. Thanks a lot.
#4
Virtual private networks / Could route add vpn to do?
November 19, 2020, 03:11:14 AM
My network is as follows:
                                                                   These server and client are the same server
|Windows Wireguard VPN client|--->|A:Wireguard VPN Server|+|C:Wireguard VPN Client|--->|B:Wireguard Server|
            Wireguard IP:10.8.0.2                           IP:10.8.0.1                   IP:10.7.0.2                        IP:10.7.0.1
I can connect from the Windows WireGuard VPN client to the A WireGuard VPN server, and the C WireGuard client can also connect to the B server. I hope the Windows client can go through the A server, be forwarded to the B server, and then go to the internet. But Windows can only ping the 10.8.0.0 network. I tried adding 10.8.0.0/24 to the allowed IPs of the C client. But the interface can't come up when I add 10.8.0.0/24 to the allowed IPs. Could any friend teach me how to do it?
#5
Hello,
Could I redirect the client to a 403 page when a rule matches?
#6
like
http://url/php:/
#7
Sorry, I fixed the full rule.

Quote
MainRule id:10000 "rx:(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/" "msg:URL charset" "mz:URL" "s:$policy1a275df7733e4aef813ecb4917637d40:8";

I want to block URLs that contain a string like ftp:/ or ldap:/. I have edited it to rx. Is it right?
#8
Please see the following:
Quote
MainRule id:10000 "str:gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data\:\/" "msg:URL charset" "mz:URL" "s:$policy1a275df7733e4aef813ecb4917637d40:8"
I want to block some charset in the URL. Could I have set it wrong?
#9
Ohh... Sorry, I missed this option. Thanks a lot.
#10
Quote
and can you enable "Extensive Naxsi Log" in server properties and post NAXSI_EXLOG log for blocked request?

Where is this setting? On OPNsense? Or on the web server?
#11
Quote
MainRule id:15001 "rx:^(?!\s*$).+" "msg:Empty UA" "mz:$HEADERS_VAR_X:User-Agent" "s:$policy20906cd5e25e413f9fe6e733c38d3586:8";
#12
Quote
*19 NAXSI_FMT: ip=219.84.34.52&server=ab.aspa.idv.tw&uri=/&learning=0&vers=0.56&total_processed=12&total_blocked=10&block=1&cscore0=$policy20906cd5e25e413f9fe6e733c38d3586&score0=16&zone0=HEADERS&id0=15001&var_name0=user-agent&zone1=HEADERS|NAME&id1=15001&var_name1=user-agent, client: 219.84.34.52, server: ab.aspa.idv.tw, request: "GET / HTTP/1.1", host: "ab.aspa.idv.tw"

Quote
*19 NAXSI_FMT: ip=219.84.34.52&server=ab.aspa.idv.tw&uri=/favicon.ico&learning=0&vers=0.56&total_processed=13&total_blocked=11&block=1&cscore0=$policy20906cd5e25e413f9fe6e733c38d3586&score0=16&zone0=HEADERS&id0=15001&var_name0=user-agent&zone1=HEADERS|NAME&id1=15001&var_name1=user-agent, client: 219.84.34.52, server: ab.aspa.idv.tw, request: "GET /favicon.ico HTTP/1.1", host: "ab.aspa.idv.tw", referrer: "http://ab.aspa.idv.tw/"
#13
Quote from: Fright on November 05, 2020, 11:08:32 AM
it should
may be something like:
MainRule negative id:1700 "rx:^(?!\s*$).+" "msg:Empty_UA" "mz:$HEADERS_VAR_X:User-Agent"
not tested
Hello, I tested it.
If I use a browser like Firefox to view http://ab.aspa.idv.tw, it also shows Request Denied.
You can check http://ab.aspa.idv.tw
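Added example, not part of any post above and not OPNsense or naxsi code: a Python example that parses a NAXSI_FMT line of the shape quoted in these posts to see which rule id and zone produced the block, then evaluates the posted `rx:^(?!\s*$).+` pattern against present, empty and blank User-Agent values, with and without `negative`. The sample log line, the User-Agent string and the helper names `parse_naxsi_fmt` and `rule_fires` are constructed for illustration, and `rule_fires` is a simplified model of rule matching on a header value that is present, not naxsi's engine.

```python
import re
from urllib.parse import parse_qsl

# Constructed line in the shape of the NAXSI_FMT entries quoted above
# (documentation IP, placeholder host and policy name).
SAMPLE = (
    '*19 NAXSI_FMT: ip=192.0.2.10&server=www.example.test&uri=/&learning=0'
    '&vers=0.56&total_processed=12&total_blocked=10&block=1'
    '&cscore0=$policy_example&score0=16&zone0=HEADERS&id0=15001'
    '&var_name0=user-agent&zone1=HEADERS|NAME&id1=15001&var_name1=user-agent'
    ', client: 192.0.2.10, server: www.example.test, request: "GET / HTTP/1.1"'
)

# Pattern of rule 15001 as posted ("Empty UA").
EMPTY_UA_RX = r'^(?!\s*$).+'


def parse_naxsi_fmt(line):
    """Split one NAXSI_FMT log line into score tags and per-match records."""
    m = re.search(r'NAXSI_FMT: (.*?), client: ', line)
    if m is None:
        raise ValueError('not a NAXSI_FMT line')
    fields = dict(parse_qsl(m.group(1), keep_blank_values=True))
    scores, matches = {}, []
    n = 0
    while f'cscore{n}' in fields:      # cscoreN/scoreN: score tag and its total
        scores[fields[f'cscore{n}']] = int(fields[f'score{n}'])
        n += 1
    n = 0
    while f'id{n}' in fields:          # idN/zoneN/var_nameN: one matched rule
        matches.append((int(fields[f'id{n}']), fields[f'zone{n}'],
                        fields.get(f'var_name{n}', '')))
        n += 1
    return {'uri': fields.get('uri'), 'block': fields.get('block') == '1',
            'scores': scores, 'matches': matches}


def rule_fires(pattern, value, negative=False):
    """Simplified model: an rx rule fires on a regex match; 'negative' inverts that."""
    return (re.search(pattern, value) is not None) != negative


if __name__ == '__main__':
    print(parse_naxsi_fmt(SAMPLE))
    ua = 'Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0'  # constructed
    for value in (ua, '', '   '):
        print(repr(value), rule_fires(EMPTY_UA_RX, value),
              rule_fires(EMPTY_UA_RX, value, negative=True))
```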
#14
So, whatever I choose, block request or drop connection, it always shows the OPNsense request denied web page.
Right?
#15
Sorry, I made a mistake. It can block it. Thanks a lot.
I want to know about naxsi. It has the option to choose drop connection. What is the difference between block request and drop connection? I tested it. I feel no difference.