Hi Daniel,

thanks for reporting.

On Thu, Jun 08, 2023 at 01:47:55PM +0200, Daniel Suchy wrote:
> Package: libnginx-mod-http-modsecurity
> Version: 1.0.3-1+b1
> 
> libmodsecurity3 was upgraded to version v3.0.9 and after that, nginx
> integration/module fails to start:
> 
> [emerg] 348194#348194: dlopen()
> "/usr/share/nginx/modules/ngx_http_modsecurity_module.so" failed
> (/usr/share/nginx/modules/ngx_http_modsecurity_module.so: undefined symbol:
> pcre_malloc) in /etc/nginx/modules-enabled/50-mod-http-modsecurity.conf:1
> 
> That happened on debian/bookworm with libmodsecurity3 (3.0.9-1) and
> libnginx-mod-http-modsecurity (1.0.3-1+b1) packages provided here.

I can confirm this behavior.

Unfortunately when the package was uploaded (2023-01-22) [1] and
migrated into testing, both Nginx and previous libmodsecurity3
(3.0.8) used the "old" PCRE library.

Meanwhile Nginx upgraded, and we bumped the PCRE version in the
libmodsecurity3 too.

This is the reason.
 
> Downgrade to 3.0.8-1 is working work-around. Between versions 3.0.8-1 and
> 3.0.9-1, there was removed debian-specific patch (patches/pcrem4.patch), as
> I noticed - maybe this is cause of this issue.

There is another workaround too: re-compile the package.

Before the steps below you have to remove the currently installed
module:

sudo dpkg -r libnginx-mod-http-modsecurity

and upgrade libmodsecurity3

sudo apt install libmodsecurity3

Then try to rebuild the package from source:

sudo apt install libnginx-mod-http-ndk-dev nginx-dev
mkdir -p ~/tmp
cd ~/tmp
apt source libnginx-mod-http-modsecurity
cd libnginx-mod-http-modsecurity-1.0.3/
dpkg-buildpackage -us -uc
sudo dpkg -i ../libnginx-mod-http-modsecurity_1.0.3-1_amd64.deb

Now be sure that the module is enabled:

ls -1 /etc/nginx/modules-enabled/
10-mod-http-ndk.conf
50-mod-http-modsecurity.conf

and check that the WAF is "on" and the log level is "info"
at least:

nl -ba /etc/nginx/nginx.conf 

     1  user www-data;
     2  worker_processes auto;
     3  pid /run/nginx.pid;
     4  error_log /var/log/nginx/error.log info;
    ...
    ...
    58  
    59          modsecurity on;
    60  
    61          include /etc/nginx/conf.d/*.conf;
    62          include /etc/nginx/sites-enabled/*;
    ...

Now after the restart you have to see that the engine is active:

sudo /etc/init.d/nginx restart
sudo systemctl status nginx.service
...
jún 08 14:59:16 debian-test nginx[4604]: 2023/06/08 14:59:16 [notice] 
4604#4604: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/0/0)
jún 08 14:59:16 debian-test nginx[4605]: 2023/06/08 14:59:16 [notice] 
4605#4605: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/0/0)
...


Please let me know if you can fix that with this workaround -
then I'm going to open a ticket asking for a rebuild of the
module.


Thanks again.


a.


1: https://tracker.debian.org/pkg/libnginx-mod-http-modsecurity
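
Added example, not part of the original message or of the package: a check that can be run before and after the rebuild to see whether the module still imports symbols of the old PCRE library (such as the `pcre_malloc` named in the dlopen() error) while nginx imports PCRE2 ones. The function names, the sample `nm` lines (constructed) and the nginx binary path `/usr/sbin/nginx` are assumptions.

```shell
#!/bin/sh
# Classify which PCRE generation a binary imports.
# stdin: output of `nm -D --undefined-only FILE`; prints pcre1|pcre2|mixed|none.
classify_pcre_imports() {
    awk '
        $1 == "U" {                       # undefined dynamic symbol line
            sym = $2
            sub(/@.*/, "", sym)           # strip symbol-version suffix
            if (sym ~ /^pcre2_/)     p2++
            else if (sym ~ /^pcre_/) p1++
        }
        END {
            if (p1 && p2)  print "mixed"
            else if (p1)   print "pcre1"
            else if (p2)   print "pcre2"
            else           print "none"
        }'
}

# Compare module and nginx imports; prints "ok" or "mismatch (...)".
# $1, $2: files holding nm output for the module and for the nginx binary.
compare_pcre() {
    m=$(classify_pcre_imports < "$1")
    n=$(classify_pcre_imports < "$2")
    if [ "$m" = "none" ] || [ "$m" = "$n" ]; then
        echo "ok"
    else
        echo "mismatch (module=$m nginx=$n)"
    fi
}

# Constructed sample nm output (not captured from a real system).
sample_old_module() { printf '%s\n' '                 U pcre_malloc' '                 U msc_init' '                 U memcpy@GLIBC_2.14'; }
sample_new_nginx()  { printf '%s\n' '                 U pcre2_compile_8' '                 U pcre2_match_8' '                 U malloc@GLIBC_2.2.5'; }

MODULE=/usr/share/nginx/modules/ngx_http_modsecurity_module.so  # path from the error message
NGINX_BIN=/usr/sbin/nginx                                       # assumed binary location
if command -v nm >/dev/null 2>&1 && [ -r "$MODULE" ] && [ -r "$NGINX_BIN" ]; then
    t=$(mktemp -d)
    nm -D --undefined-only "$MODULE"    > "$t/mod"
    nm -D --undefined-only "$NGINX_BIN" > "$t/ngx"
    compare_pcre "$t/mod" "$t/ngx"      # run on the real files when present
    rm -rf "$t"
fi
```

A "mismatch" result on the installed module means nginx will refuse to load it; after a successful rebuild the same check should print "ok".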
