From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Wed, 6 Feb 2019 09:58:59 +0000 (+0100)
Subject: ids-functions.pl: Do not send HEAD requests to sourcefire (snort.org) servers
X-Git-Tag: v2.23-core131~117^2~65
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=155b3b56a8e4c8765c473b853445e2957b0b852f

ids-functions.pl: Do not send HEAD requests to sourcefire (snort.org) servers

Using this feature to fetch the size of the requested tarball is not allowed by these
servers, so skip this feature for their rulesets.

Fixes #11987

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 98bf5806bd..45159ffe97 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -210,33 +210,42 @@ sub downloadruleset {
 		return 1;
 	}
 
-	# Pass the requrested url to the downloader.
-	my $request = HTTP::Request->new(HEAD => $url);
+	# Variable to store the filesize of the remote object.
+	my $remote_filesize;
 
-	# Accept the html header.
-	$request->header('Accept' => 'text/html');
+	# The sourcfire (snort rules) does not allow to send "HEAD" requests, so skip this check
+	# for this webserver.
+	#
+	# Check if the ruleset source contains "snort.org".
+	unless ($url =~ /\.snort\.org/) {
+		# Pass the requrested url to the downloader.
+		my $request = HTTP::Request->new(HEAD => $url);
 
-	# Perform the request and fetch the html header.
-	my $response = $downloader->request($request);
+		# Accept the html header.
+		$request->header('Accept' => 'text/html');
 
-	# Check if there was any error.
-	unless ($response->is_success) {
-		# Obtain error.
-		my $error = $response->status_line();
+		# Perform the request and fetch the html header.
+		my $response = $downloader->request($request);
 
-		# Log error message.
-		&_log_to_syslog("Unable to download the ruleset. \($error\)");
+		# Check if there was any error.
+		unless ($response->is_success) {
+			# Obtain error.
+			my $error = $response->status_line();
 
-		# Return "1" - false.
-		return 1;
-	}
+			# Log error message.
+			&_log_to_syslog("Unable to download the ruleset. \($error\)");
 
-	# Assign the fetched header object.
-	my $header = $response->headers();
+			# Return "1" - false.
+			return 1;
+		}
+
+		# Assign the fetched header object.
+		my $header = $response->headers();
 
-	# Grab the remote file size from the object and store it in the
-	# variable.
-	my $remote_filesize = $header->content_length;
+		# Grab the remote file size from the object and store it in the
+		# variable.
+		$remote_filesize = $header->content_length;
+	}
 
 	# Load perl module to deal with temporary files.
 	use File::Temp;
@@ -273,7 +282,7 @@ sub downloadruleset {
 	my $local_filesize = $stat->size;
 
 	# Check if both file sizes match.
-	unless ($remote_filesize eq $local_filesize) {
+	if (($remote_filesize) && ($remote_filesize ne $local_filesize)) {
 		# Log error message.
 		&_log_to_syslog("Unable to completely download the ruleset. ");
 		&_log_to_syslog("Only got $local_filesize Bytes instead of $remote_filesize Bytes. ");