
<The list of sources that suricata-update listed is not same as the web page that scirius showed.> #408

Open
1 task done
Linn1 opened this issue Jun 22, 2022 · 7 comments

Comments

@Linn1

Linn1 commented Jun 22, 2022

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I found that suricata-update has just one source, but I can see many sources on the web page.
I ran the command suricata-update list-enabled-sources and it lists one source, which is 'et/open'. But I can see 6 sources on the web page.
I don't know which software manages the other sources.
I tried to add a public source on the web page, but it had an error:
Error during update: Suspect tar file contains file in root directory 'malsilo-dns.rules' instead of under 'rules' directory.
How to fix this error?
Then I tried to add another public source, but there was still an error:
Error during source update: Connection error 'HTTPSConnectionPool(host='raw.githubusercontent.com', port=443): Max retries exceeded with url: /ptresearch/AttackDetection/master/pt.rules.tar.gz (Caused by ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 503 Service Unavailable',)))'

Expected Behavior

I can use the web page to add or update the source without any error.
I want to know why suricata-update has a different source list from the source list on the web page.

Steps To Reproduce

1. The environment: SELKS 6.0
2. The SELKS default configuration
3. Run 'suricata-update list-enabled-sources'
4. See that the list contains one source, which is different from the list the web page shows.

Anything else?

No response

@pevma
Member

pevma commented Jun 22, 2022

Rules and sources are managed through Scirius in SELKS. You can edit/add/delete/suppress/threshold from the GUI interface.
In your case it seems to maybe be stopped / blocked by a proxy?

@Linn1
Author

Linn1 commented Jun 22, 2022

I use a proxy to connect to the internet. I can add some sources, but the other sources cannot be added successfully.
One of these sources can't be added because of the tar file. The error is: Error during update: Suspect tar file contains file in root directory 'malsilo-dns.rules' instead of under 'rules' directory.
How to fix the error?

@Linn1
Author

Linn1 commented Jun 22, 2022

The other source, which had the 503 response, cannot be added because of the network. The proxy stopped/blocked the connection. I tried to find a way to solve this problem, such as changing the proxy or adding a DNS server on the proxy. I want to change the headers of the requests that Scirius sends when it adds or updates these sources. The website of the source blocked the illegal UA, so I want to change the UA to test if that works.

@Linn1
Author

Linn1 commented Jun 22, 2022

Thanks for your patience!

@Linn1 Linn1 changed the title <The list of sources that suricata-update listed is not same as the web page that scirus showed.> to <The list of sources that suricata-update listed is not same as the web page that scirius showed.> Jun 23, 2022
@pevma
Member

pevma commented Jun 24, 2022

So basically, it triggers the block based on the user agent, right?

@Linn1
Author

Linn1 commented Jul 1, 2022

Yes, at least the 503 error is caused by the proxy. Maybe it is because of the blocked network.

@Linn1
Author

Linn1 commented Jul 1, 2022

But this error is not caused by the network error!

I use a proxy to connect to the internet. I can add some sources, but the other sources cannot be added successfully. One of these sources can't be added because of the tar file. The error is: Error during update: Suspect tar file contains file in root directory 'malsilo-dns.rules' instead of under 'rules' directory. How to fix the error?
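The tar-layout error quoted in the two comments above ("Suspect tar file contains file in root directory 'malsilo-dns.rules' instead of under 'rules' directory") can be checked, and worked around, before handing the feed to Scirius. The following is an added example for this thread, not Scirius or suricata-update code. It assumes, from the wording of the error only, that the importer wants every rule file under a top-level `rules/` directory, and it also refuses archive members with absolute or `..` paths, since a feed tarball is untrusted input that will be extracted on the sensor. The sample archive and its rule line are constructed in memory so the script runs offline.

```python
"""Check a Suricata rules tarball for the layout implied by the Scirius error
text (rule files under a top-level 'rules/' directory) and repack it if the
files sit in the archive root.

Added example for the GitHub issue; not Scirius or suricata-update code.
Assumption: the importer accepts regular files only under 'rules/'.
"""
import io
import posixpath
import tarfile


def _normalized(name: str) -> str:
    """Normalize a member name; reject absolute paths and '..' traversal,
    which a feed tarball must never be allowed to extract."""
    norm = posixpath.normpath(name)
    if norm.startswith("/") or norm == ".." or norm.startswith("../"):
        raise ValueError(f"unsafe member path in archive: {name!r}")
    return norm


def build_tarball(files: dict) -> bytes:
    """Build an in-memory .tar.gz from {member_name: content_bytes}.
    Used here only to construct sample input for the demo below."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_names(tar_bytes: bytes) -> list:
    """List the regular-file members of an archive, normalized."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        return [_normalized(m.name) for m in tar.getmembers() if m.isfile()]


def misplaced_rule_files(tar_bytes: bytes) -> list:
    """Return regular-file members that are not under 'rules/'.
    An empty list means the archive matches the assumed layout."""
    return [n for n in member_names(tar_bytes) if not n.startswith("rules/")]


def repack_under_rules_dir(tar_bytes: bytes) -> bytes:
    """Rewrite the archive so every regular file lives under 'rules/'.
    Members already under 'rules/' are copied unchanged."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as src, \
            tarfile.open(fileobj=out, mode="w:gz") as dst:
        for member in src.getmembers():
            if not member.isfile():
                continue
            norm = _normalized(member.name)
            data = src.extractfile(member).read()
            target = norm if norm.startswith("rules/") else "rules/" + norm
            info = tarfile.TarInfo(name=target)
            info.size = len(data)
            info.mtime = member.mtime
            dst.addfile(info, io.BytesIO(data))
    return out.getvalue()


# Constructed sample mirroring the shape of the failing feed in the issue:
# a single .rules file in the archive root rather than under rules/.
SAMPLE_RULE = (b'alert dns any any -> any any '
               b'(msg:"constructed sample rule"; sid:1000001; rev:1;)\n')
SAMPLE_BAD_TARBALL = build_tarball({"./malsilo-dns.rules": SAMPLE_RULE})


if __name__ == "__main__":
    print("misplaced:", misplaced_rule_files(SAMPLE_BAD_TARBALL))
    fixed = repack_under_rules_dir(SAMPLE_BAD_TARBALL)
    print("after repack:", member_names(fixed))
```

To use it on a real feed, download the tarball yourself (through the same proxy), run `misplaced_rule_files` on its bytes, and if it reports names, serve the output of `repack_under_rules_dir` from a local path or internal HTTP server and point the Scirius source at that instead of the upstream URL.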
