Messages

1

Intrusion Detection and Prevention / IDS on traffic passing through web proxy

« on: March 05, 2023, 01:23:37 pm »

Most internet traffic is encrypted these days, so without decryption, a lot is going to slip passed any IDS.  I have the web proxy configured on my system, and my assumption was that the Suricata service would take advantage of this and scan the traffic as it was decrypted by the web proxy.  This doesn't seem to be the case however.  Is there any way to have Squid pass the traffic to Suricata for scanning?

Thanks

2

23.1 Legacy Series / php error when browsing the GUI trust -> Certificates

« on: February 26, 2023, 04:08:22 pm »

Hello,  I have actually resolved this error, but thought it was really odd, so I figured I would mention it here.  I just installed 23.1 from a fresh download, and everything was working except when I would browse to the trust-> Certificates page in the GUI.  When I would browse to this page I would get a php error on system_certmanager.php.  The same would happen Authorities page.  with system_camanager.php

Specifically I would get Fatal error: Failed opening required '/usr/local/www/system_camanager.php' (include_path='/usr/local/etc/inc:/usr/local/www:/usr/local/opnsense/mvc:/usr/local/opnsense/contrib:/usr/local/share/pear:/usr/local/share') in Unknown on line 0 

I decided to investigate the file itself and noticed the includes where using single quotes to pass the file names strings, while the other php scripts where using double quotes.  I edited these files and replaced the single quotes with double quotes.

This resolved the issue and so far everything seems to be working correctly, it just seems like a really strange problem, wondering if anyone would know why I ran into this issue.  I also thought this might help someone else if they run into the same problem.