Hi,
I added a source:
suricata-update -qD /ids/ --suricata-conf /ids/ids.yaml add-source --http-header "apiKey: $API_KEY" Abode https://downloads.abode.com/downloads/abode/abode.rules.tar.gz
The log shows:
5/10/2020 -- 10:12:24 - <Debug> -- Resolved source Abode to URL https://downloads.abode.com/downloads/abode/abode.rules.tar.gz.
5/10/2020 -- 10:12:24 - <Info> -- Checking https://downloads.abode.com/downloads/abode/abode.rules.tar.gz.md5.
5/10/2020 -- 10:12:24 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.0.7 (OS: Linux; CPU: x86_64; Python: 2.7.5; Dist: CentOS Linux/7.8.2003; Suricata: 4.1.8)
5/10/2020 -- 10:12:25 - <Warning> -- Failed to check remote checksum: HTTP Error 500: Internal Server Error
5/10/2020 -- 10:12:25 - <Info> -- Fetching https://downloads.abode.com/downloads/abode/abode.rules.tar.gz.
5/10/2020 -- 10:12:25 - <Debug> -- Setting HTTP User-Agent to Suricata-Update/1.0.7 (OS: Linux; CPU: x86_64; Python: 2.7.5; Dist: CentOS Linux/7.8.2003; Suricata: 4.1.8)
5/10/2020 -- 10:12:25 - <Debug> -- Setting HTTP header apiKey to 1fce8a4e-3e62-4d1d-83af- c3a279b15b5c 100% - 1220222/1220222
5/10/2020 -- 10:12:27 - <Info> -- Done.
It tries to fetch the checksum but fails as we need to use the $API_KEY to retrieve any files from the location in question. The header is then set and the rules are downloaded successfully.
Is this by design? Not setting the HTTP header first before trying to fetch the remote checksum?
I do not want to disable the checksum as this will obviously cause the rules to be downloaded each and every time.
We only have a single source, the above source via $API_KEY.
Thank you.