I'm trying to add this link to my csf.blocklists file.
There is a problem however as I'm getting the following error: Unable to download: Can't connect to raw.githubusercontent.com:443 (certificate verify failed)
Is there any work around to this (there isn't an http equivalent page I can find)?
Thank you.
Unable to download: (certificate verify failed)
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: Unable to download: (certificate verify failed)
That's an issue with checking the githubusercontent.com certificate by LWP for some reason. To work around it for now, you can edit /usr/local/csf/lib/ConfigServer/URLGet.pm and go to the line with:
and add the following to a line after:
Then restart lfd.
However, that link you posted is not a list of IP/CIDR addresses which is required for csf/lfd to parse.
Code: Select all
my $ua = LWP::UserAgent->new;Code: Select all
$ua->ssl_opts(verify_hostname => 0);However, that link you posted is not a list of IP/CIDR addresses which is required for csf/lfd to parse.
Re: Unable to download: (certificate verify failed)
Thanks for the reply, the help I've had since getting interested in CSF/LFD on the forum has been amazing, so really appreciated.
So, the link is NOT compatible - thanks for the information. I know Marcele mentioned in another thread about compatibility issues with blocklists but I was unsure exactly what is required and what wasn't.
I'll see if I can find out more by looking into the lists are know ARE allowed.
Thanks again.
So, the link is NOT compatible - thanks for the information. I know Marcele mentioned in another thread about compatibility issues with blocklists but I was unsure exactly what is required and what wasn't.
I'll see if I can find out more by looking into the lists are know ARE allowed.
Thanks again.
Re: Unable to download: (certificate verify failed)
Just a quick note that when I talked to Costa from Firehol he didn't want us linking directly to the github lists which is why we let CSF parse the original source URL directly (having a bunch of servers refresh from his github isn't good). I've tried to go though and test all of the lists that were parsable by CSF. Some of these lists are better than others. You should also use caution when using these lists as you are at the mercy of the blocklist maintainer.
Re: Unable to download: (certificate verify failed)
Hi Marcele - thanks for the reply. I understand his concern, however the github link above is actually the link that Firehol uses to update, so I thought it ok to post.
I'm currently looking at tackling this another way and using Firehols excellent scripts to update and create the ipsets required on my server and then adding the rules to CSF to use them. There are a few finer points I need to sort out such as maintaining the ipsets on server reboot and exactly how best to add the rules to CSF, but I'm getting there slowly. Any advice appreciated..
Regards.
I'm currently looking at tackling this another way and using Firehols excellent scripts to update and create the ipsets required on my server and then adding the rules to CSF to use them. There are a few finer points I need to sort out such as maintaining the ipsets on server reboot and exactly how best to add the rules to CSF, but I'm getting there slowly. Any advice appreciated..
Regards.