Hello Matthias, today I found some time to have the closer look on the ids.cgi file. > Hi, > > I found some strange things on the IPS system... > > First: > I defined five whitelisted hosts (or more, doesn't matter) on the > intrusion prevention page. > > Now every time I reload the page, the display order of these host > list > changes. IP address and remark stick together but the order changes > every time I reload the page. As far as I saw it, the contents of > 'ignored' file stay the same.
I was able to reproduce this issue and sent a fix to this mailing list. Thanks for finding and reporting. > > Second: > Furthermore, when I try to deactivate the last entry by removing the > check mark, the check mark disappears from the third entry (e.g.). > When > I try to deactivate the third entry, check mark disappears from the > last > (fifth). When I try to deactivate the second, check mark vanished > from > the third... That means, most of the time the check mark disappears > from > a different entry than the one I wanted to deselect. Weird... Sadly I was not able to reproduce this behaviour, but I also did the test with the fixed first issue. May this also fixed the second issue. > > Third: > Last but not least: I can't deacivate single rules from the 'IPFire > DBL > domain blocklists'. When I remove the check mark from the rule > "IPFire > DBL [Malware] Blocked HTTP Request", the mark is back after reloading > the ruleset. I can't disable individual rules, only the entire rule > set. This is not directly a CGI related issue. It may come from a double usage of the same rule SID. I did some quick analysis, found some SID related issues on our rules and reported them to Michael. > > Can anyone confirm these findings? > > Best > Matthias > Best regards, -Stefan
