Hi Dragan Dosen.

Dragan Dosen <[email protected]> wrote on Mon, 29 May 2017 10:29:55 +0200:
> Hi all,
>
> I'm sending you a patch for Mod Defender (a NAXSI clone) integration
> -- a service that talks SPOE and uses the Mod Defender
> (https://github.com/Annihil/mod_defender) functionality to detect HTTP
> attacks. It returns a HTTP status code to indicate whether the request
> is suspicious or not, based on NAXSI rules. The value of the returned
> status can be used in HAProxy rules to determine if the HTTP request
> should be blocked/rejected.
>
> Unlike ModSecurity, Mod Defender is a whitelist based WAF (everything
> is disallowed, unless there are rules saying otherwise). It's a
> partial replication of NAXSI and it uses NAXSI compatible rules
> configuration format.

Is there a comparison table showing the differences between Mod Defender and ModSecurity?

> Any comments are welcome.

Some feedback: I tried to build it on the latest CentOS and got the following error.

###
+ make MOD_DEFENDER_SRC=/usr/src/mod_defender APACHE2_INC=/usr/include/httpd APR_INC=/usr/include/apr-1
gcc -g -Wall -pthread -I../../include -I../../ebtree -I/usr/src/mod_defender -I/usr/include/httpd -I/usr/include/apr-1 -c -o spoa.o spoa.c
gcc -g -Wall -pthread -I../../include -I../../ebtree -I/usr/src/mod_defender -I/usr/include/httpd -I/usr/include/apr-1 -c -o defender.o defender.c
gcc -g -Wall -pthread -I../../include -I../../ebtree -I/usr/src/mod_defender -I/usr/include/httpd -I/usr/include/apr-1 -c -o /usr/src/mod_defender/deps/libinjection/libinjection_sqli.o /usr/src/mod_defender/deps/libinjection/libinjection_sqli.c
gcc -g -Wall -pthread -I../../include -I../../ebtree -I/usr/src/mod_defender -I/usr/include/httpd -I/usr/include/apr-1 -c -o /usr/src/mod_defender/deps/libinjection/libinjection_xss.o /usr/src/mod_defender/deps/libinjection/libinjection_xss.c
gcc -g -Wall -pthread -I../../include -I../../ebtree -I/usr/src/mod_defender -I/usr/include/httpd -I/usr/include/apr-1 -c -o /usr/src/mod_defender/deps/libinjection/libinjection_html5.o
/usr/src/mod_defender/deps/libinjection/libinjection_html5.c g++ -g -std=gnu++11 -I/usr/src/mod_defender -I/usr/src/mod_defender/deps -I/usr/include/httpd -I/usr/include/apr-1 -c -o /usr/src/mod_defender/JsonValidator.o /usr/src/mod_defender/JsonValidator.cpp g++ -g -std=gnu++11 -I/usr/src/mod_defender -I/usr/src/mod_defender/deps -I/usr/include/httpd -I/usr/include/apr-1 -c -o /usr/src/mod_defender/RuntimeScanner.o /usr/src/mod_defender/RuntimeScanner.cpp g++ -g -std=gnu++11 -I/usr/src/mod_defender -I/usr/src/mod_defender/deps -I/usr/include/httpd -I/usr/include/apr-1 -c -o /usr/src/mod_defender/mod_defender.o /usr/src/mod_defender/mod_defender.cpp g++ -g -std=gnu++11 -I/usr/src/mod_defender -I/usr/src/mod_defender/deps -I/usr/include/httpd -I/usr/include/apr-1 -c -o /usr/src/mod_defender/Util.o /usr/src/mod_defender/Util.cpp g++ -g -std=gnu++11 -I/usr/src/mod_defender -I/usr/src/mod_defender/deps -I/usr/include/httpd -I/usr/include/apr-1 -c -o /usr/src/mod_defender/RuleParser.o /usr/src/mod_defender/RuleParser.cpp gcc -o defender standalone.o spoa.o defender.o /usr/src/mod_defender/deps/libinjection/libinjection_sqli.o /usr/src/mod_defender/deps/libinjection/libinjection_xss.o /usr/src/mod_defender/deps/libinjection/libinjection_html5.o /usr/src/mod_defender/JsonValidator.o /usr/src/mod_defender/RuntimeScanner.o /usr/src/mod_defender/mod_defender.o /usr/src/mod_defender/Util.o /usr/src/mod_defender/RuleParser.o -lpthread -levent -levent_pthreads -lapr-1 -laprutil-1 -lstdc++ /usr/src/mod_defender/RuntimeScanner.o: In function `RuntimeScanner::processRuleBuffer(std::string const&, http_rule_t const&, unsigned long&)': /usr/src/mod_defender/RuntimeScanner.cpp:146: undefined reference to `std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> >::regex_iterator()' /usr/src/mod_defender/RuntimeScanner.cpp:146: undefined reference to `std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, 
std::regex_traits<char> >::regex_iterator(__gnu_cxx::__normal_iterator<char const*, std::string>, __gnu_cxx::__normal_iterator<char const*, std::string>, std::basic_regex<char, std::regex_traits<char> > const&, std::bitset<11ul>)' /usr/src/mod_defender/RuntimeScanner.o: In function `std::iterator_traits<std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> > >::difference_type std::distance<std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> > >(std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> >, std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> >)': /usr/include/c++/4.8.2/bits/stl_iterator_base_funcs.h:118: undefined reference to `std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> >::regex_iterator(std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> > const&)' /usr/include/c++/4.8.2/bits/stl_iterator_base_funcs.h:118: undefined reference to `std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> >::regex_iterator(std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> > const&)' /usr/src/mod_defender/RuntimeScanner.o: In function `std::iterator_traits<std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> > >::difference_type std::__distance<std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> > >(std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> >, std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> >, std::input_iterator_tag)': 
/usr/include/c++/4.8.2/bits/stl_iterator_base_funcs.h:82: undefined reference to `std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> >::operator++()'
/usr/include/c++/4.8.2/bits/stl_iterator_base_funcs.h:80: undefined reference to `std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> >::operator!=(std::regex_iterator<__gnu_cxx::__normal_iterator<char const*, std::string>, char, std::regex_traits<char> > const&)'
collect2: error: ld returned 1 exit status
make: *** [defender] Error 1
###

[Editor's note: the /usr/include/c++/4.8.2 paths in the log show that the build used the GCC 4.8.2 C++ headers. The libstdc++ shipped with GCC 4.8 does not provide a complete <regex> implementation (it was completed in GCC 4.9), which is consistent with these unresolved std::regex_iterator symbols at link time.]

The repo with the build instructions is https://github.com/git001/haproxy-waf2

> Best regards,
> Dragan Dosen

Best regards
Aleks

