OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of akong77 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - akong77

Pages: [1] 2 3
1
General Discussion / Use letsencrypt got this error.
« on: December 10, 2020, 02:30:29 am »
Hello,
I want use letsencrypt to generate my web ssl key.I make sure dns setup done and can resolve domain.But when I click generate key will got error message.

Quote
[Thu Dec 10 08:55:30 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9193634542/k7kq1Q'
[Thu Dec 10 08:55:30 CST 2020] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Dec 10 08:55:31 CST 2020] _ret='0'
[Thu Dec 10 08:55:31 CST 2020] code='200'
[Thu Dec 10 08:55:31 CST 2020] domain:Verify error:DNS problem: SERVFAIL looking up A for domain - the domain's nameservers may be malfunctioning
[Thu Dec 10 08:55:31 CST 2020] pid
[Thu Dec 10 08:55:31 CST 2020] No need to restore nginx, skip.
[Thu Dec 10 08:55:31 CST 2020] _clearupdns
[Thu Dec 10 08:55:31 CST 2020] dns_entries
[Thu Dec 10 08:55:31 CST 2020] skip dns.
[Thu Dec 10 08:55:31 CST 2020] _on_issue_err
[Thu Dec 10 08:55:31 CST 2020] Please check log file for more details: /var/log/acme.sh.log
[Thu Dec 10 08:55:31 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9193634542/k7kq1Q'
[Thu Dec 10 08:55:31 CST 2020] payload='{}'
[Thu Dec 10 08:55:31 CST 2020] POST
[Thu Dec 10 08:55:31 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9193634542/k7kq1Q'
[Thu Dec 10 08:55:31 CST 2020] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Dec 10 08:55:32 CST 2020] _ret='0'
[Thu Dec 10 08:55:32 CST 2020] code='400'

What's this problem?

2
Web Proxy Filtering and Caching / Have any tutoral nginx for https?
« on: December 04, 2020, 06:50:01 am »
Hello,
I know how to set web proxy filter for http. If I want for https and 80 port forward 443 port. How to do it?

3
Virtual private networks / Could support wireguard export user config file and gererate user key?
« on: November 20, 2020, 02:26:31 am »
Hello,
I hope it's generate key on web and export user config file.It's will easy to use it.Thanks a lot.

4
Virtual private networks / Could route add vpn to do?
« on: November 19, 2020, 03:11:14 am »
My network like follow
                                                                   These server and client are the same server
|Windows Wireguard VPN client|--->|A:Wireguard VPN Server|+|C:Wireguard VPN Client|--->|B:Wireguard Server|
            Wireguard IP:10.8.0.2                           IP:10.8.0.1                   IP:10.7.0.2                        IP:10.7.0.1
I can connect from Windows Wireguard VPN client to A wireguard vpn server and C wireguard client also can connect to B server.I hope windows client through A server and forward to B server then go to internet.But Windows only ping 10.8.0.0 network.I try setup C client allow ips add 10.8.0.0/24.But it's can't up this interface when I add allow ips 10.8.0.0/24.Could any friend teach me how to do it?

5
Web Proxy Filtering and Caching / Re: Could naxsi support block empty user-agent?
« on: November 10, 2020, 10:47:32 am »
Hello,
Could I redirect client 403 page when rule match?

6
Web Proxy Filtering and Caching / Re: Could naxsi support block empty user-agent?
« on: November 09, 2020, 01:32:06 am »
like
http://url/php:/

7
Web Proxy Filtering and Caching / Re: Could naxsi support block empty user-agent?
« on: November 07, 2020, 10:03:08 am »
Sorry,the full rule I fix it.

Quote
MainRule id:10000 "rx:(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/" "msg:URL charset" "mz:URL" "s:$policy1a275df7733e4aef813ecb4917637d40:8";

I want block url string have like ftp:/ or ldap:/ this string.I has edit to rx.Is right?

8
Web Proxy Filtering and Caching / Re: Could naxsi support block empty user-agent?
« on: November 06, 2020, 04:21:04 pm »
Please see follow:
Quote
MainRule id:10000 "str:gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data\:\/" "msg:URL charset" "mz:URL" "s:$policy1a275df7733e4aef813ecb4917637d
40:8"
I want block some charset on url.Could I set wrong?

9
Web Proxy Filtering and Caching / Re: Could naxsi support block empty user-agent?
« on: November 06, 2020, 04:13:45 pm »
Ohh...Sorry,I miss this option.Thanks a lot.

10
Web Proxy Filtering and Caching / Re: Could naxsi support block empty user-agent?
« on: November 06, 2020, 03:48:10 pm »
Quote
and can you enable "Extensive Naxsi Log" in server properties and post NAXSI_EXLOG log for blocked request?

Where is these setup?on opnsense?or web server?

11
Web Proxy Filtering and Caching / Re: Could naxsi support block empty user-agent?
« on: November 06, 2020, 03:46:59 pm »
Quote
MainRule id:15001 "rx:^(?!\s*$).+" "msg:Empty UA" "mz:$HEADERS_VAR_X:User-Agent" "s:$policy20906cd5e25e413f9fe6e733c38d3586:8";

12
Web Proxy Filtering and Caching / Re: Could naxsi support block empty user-agent?
« on: November 06, 2020, 12:39:59 pm »
Quote
*19 NAXSI_FMT: ip=219.84.34.52&server=ab.aspa.idv.tw&uri=/&learning=0&vers=0.56&total_processed=12&total_blocked=10&block=1&cscore0=$policy20906cd5e25e413f9fe6e733c38d3586&score0=16&zone0=HEADERS&id0=15001&var_name0=user-agent&zone1=HEADERS|NAME&id1=15001&var_name1=user-agent, client: 219.84.34.52, server: ab.aspa.idv.tw, request: "GET / HTTP/1.1", host: "ab.aspa.idv.tw"

Quote
*19 NAXSI_FMT: ip=219.84.34.52&server=ab.aspa.idv.tw&uri=/favicon.ico&learning=0&vers=0.56&total_processed=13&total_blocked=11&block=1&cscore0=$policy20906cd5e25e413f9fe6e733c38d3586&score0=16&zone0=HEADERS&id0=15001&var_name0=user-agent&zone1=HEADERS|NAME&id1=15001&var_name1=user-agent, client: 219.84.34.52, server: ab.aspa.idv.tw, request: "GET /favicon.ico HTTP/1.1", host: "ab.aspa.idv.tw", referrer: "http://ab.aspa.idv.tw/"

13
Web Proxy Filtering and Caching / Re: Could naxsi support block empty user-agent?
« on: November 06, 2020, 11:13:54 am »
Quote from: Fright on November 05, 2020, 11:08:32 am
it should
may be something like:
Code: [Select]
MainRule negative id:1700 "rx:^(?!\s*$).+" "msg:Empty_UA" "mz:$HEADERS_VAR_X:User-Agent"not tested
Hello,I test it.
If I use browers like firefox to see http://ab.aspa.idv.tw.It's also show Request Denied.
You can check http://ab.aspa.idv.tw

14
Web Proxy Filtering and Caching / Re: Could naxsi support block empty user-agent?
« on: November 06, 2020, 07:50:15 am »
So,Whatever choose block request or drop connection it's always show opnsense request denied webpage.
Right?

15
Web Proxy Filtering and Caching / Re: Could naxsi support block empty user-agent?
« on: November 06, 2020, 06:49:35 am »
Sorry,I make mistake.It's can block it.Thanks a lot.
I want know about naxsi.It's can choose drop connection this option.What the different block request and drop connection?I test it.I feel no different.

Pages: [1] 2 3
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2