Hello,
The following patch adds the ModSecurity connector module to nginx.
This module uses my previously sent libmodsecurity.
By moving the module sources into the nginx source directory in the pre-patch
stage, the configure run accepts the libmodsecurity with 0.0 as version without
any real patching of the connector module itself.
I'm not sure, if the pseudo flavor for this is really needed.
Greetings,
Matthias
--------------------------------------------------------------------------------
diff --git a/www/nginx/Makefile b/www/nginx/Makefile
index 7fce24d..6546604 100644
--- a/www/nginx/Makefile
+++ b/www/nginx/Makefile
@@ -15,12 +15,14 @@ COMMENT-headers_more= nginx module for
setting/adding/clearing headers
COMMENT-perl= nginx perl scripting module
COMMENT-passenger= nginx passenger (ruby/python/nodejs) integration module
COMMENT-rtmp= nginx module for RTMP streaming
+COMMENT-modsecurity3= nginx module for ModSecurity
VERSION= 1.18.0
DISTNAME= nginx-${VERSION}
CATEGORIES= www
VERSION-rtmp= 1.2.1
+VERSION-modsecurity3= 1.0.1
PKGNAME-main= ${DISTNAME}
PKGNAME-image_filter= nginx-image_filter-${VERSION}
@@ -35,6 +37,7 @@ PKGNAME-headers_more= nginx-headers-more-${VERSION}
PKGNAME-perl= nginx-perl-${VERSION}
PKGNAME-passenger= nginx-passenger-${VERSION}
PKGNAME-rtmp= nginx-rtmp-${VERSION}
+PKGNAME-modsecurity3= nginx-modsecurity3-${VERSION}
REVISION-xslt= 0
ONLY_FOR_ARCHS-passenger= aarch64 amd64 arm i386
@@ -52,7 +55,8 @@ _GH_MODS= \
kvspb nginx-auth-ldap
83c059b73566c2ee9cbda920d91b66657cf120b7 \
arut nginx-rtmp-module v${VERSION-rtmp} \
simpl ngx_devel_kit v0.3.0 \
- leev ngx_http_geoip2_module 3.3
+ leev ngx_http_geoip2_module 3.3 \
+ SpiderLabs ModSecurity-nginx v${VERSION-modsecurity3}
.for _a _p _c in ${_GH_MODS}
DISTFILES+= ${_p}-{${_a}/${_p}/archive/}${_c}.tar.gz:0
@@ -68,10 +72,11 @@ PERMIT_PACKAGE= Yes
MULTI_PACKAGES = -main -naxsi -perl ${MODULE_PACKAGES}
MODULE_PACKAGES = -image_filter -geoip2 -xslt -mailproxy -stream \
- -passenger -headers_more -ldap_auth -lua -rtmp
+ -passenger -headers_more -ldap_auth -lua -rtmp \
+ -modsecurity3
FLAVOR ?=
-PSEUDO_FLAVORS = no_lua no_passenger
+PSEUDO_FLAVORS = no_lua no_passenger no_modsecurity3
COMPILER = base-clang ports-gcc base-gcc
@@ -90,6 +95,7 @@ WANTLIB-lua= ${MODLUA_WANTLIB} m
WANTLIB-headers_more=
WANTLIB-perl= c m perl
WANTLIB-passenger= m pthread ${COMPILER_LIBCXX}
+WANTLIB-modsecurity3= modsecurity
LIB_DEPENDS-main= devel/pcre
LIB_DEPENDS-xslt= textproc/libxml \
@@ -99,6 +105,7 @@ LIB_DEPENDS-geoip2= net/libmaxminddb
LIB_DEPENDS-ldap_auth= databases/openldap
LIB_DEPENDS-lua= ${MODLUA_LIB_DEPENDS}
LIB_DEPENDS-rtmp=
+LIB_DEPENDS-modsecurity3= security/libmodsecurity
MODLUA_RUNDEP= No
RUN_DEPENDS= www/nginx,-main=${VERSION}
@@ -146,6 +153,12 @@ CONFIGURE_ARGS+=
--add-dynamic-module=${LOCALBASE}/lib/phusion-passenger${GEM_BI
CONFIGURE_ARGS+=
--add-dynamic-module=${WRKDIR}/nginx-rtmp-module-${VERSION-rtmp}/
.endif
+.if ${BUILD_PACKAGES:M-modsecurity3}
+CONFIGURE_ENV+= MODSECURITY_LIB=${PREFIX}/lib \
+ MODSECURITY_INC=${PREFIX}/include/modsecurity
+CONFIGURE_ARGS+= --add-dynamic-module=${WRKSRC}/ModSecurity-nginx
+.endif
+
CONFIGURE_ARGS+= --prefix=${NGINX_DIR} \
--conf-path=${SYSCONFDIR}/nginx/nginx.conf \
--sbin-path=${PREFIX}/sbin/nginx \
@@ -188,7 +201,7 @@ ALL_TARGET=
pre-patch:
.for i in headers-more-nginx-module lua-nginx-module naxsi \
- nginx-auth-ldap ngx_devel_kit ngx_http_geoip2_module
+ nginx-auth-ldap ngx_devel_kit ngx_http_geoip2_module ModSecurity-nginx
cd ${WRKSRC} && mv ../$i-* $i
.endfor
diff --git a/www/nginx/distinfo b/www/nginx/distinfo
index 607c62e..bb696de 100644
--- a/www/nginx/distinfo
+++ b/www/nginx/distinfo
@@ -1,3 +1,4 @@
+SHA256 (ModSecurity-nginx-v1.0.1.tar.gz) =
yWmnhlm7R8hJKd4LmtwfjFEqUeyd07Fiy1aK4ijT1Z4=
SHA256 (headers-more-nginx-module-v0.33.tar.gz) =
o9y6sRepwQO8HqUgD8AKe30q+X/3/VJfFvisJjLjD78=
SHA256 (lua-nginx-module-v0.10.11.tar.gz) =
wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
SHA256 (naxsi-0.55.3.tar.gz) = CzyV0lB3Lcia2LSeR8HgJMWuLHbAz/pEXp/gXE3RNJU=
@@ -7,6 +8,7 @@ SHA256
(nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = aQxOW
SHA256 (nginx-rtmp-module-v1.2.1.tar.gz) =
h6pZdACwtaBSdO4tI9jLgiThJoYiegq+MdeDs6ZF6jc=
SHA256 (ngx_devel_kit-v0.3.0.tar.gz) =
iOBamainQZBm9a51lm+x78QJutRSLRSYbaB0VUrmFhk=
SHA256 (ngx_http_geoip2_module-3.3.tar.gz) =
QTeEOMgz4xOhiGnQxKcnBLSDXDCsr3/WgBOrZzL/eKc=
+SIZE (ModSecurity-nginx-v1.0.1.tar.gz) = 31920
SIZE (headers-more-nginx-module-v0.33.tar.gz) = 28130
SIZE (lua-nginx-module-v0.10.11.tar.gz) = 616653
SIZE (naxsi-0.55.3.tar.gz) = 187416
diff --git a/www/nginx/pkg/DESCR-modsecurity3 b/www/nginx/pkg/DESCR-modsecurity3
new file mode 100644
index 0000000..cdf9b58
--- /dev/null
+++ b/www/nginx/pkg/DESCR-modsecurity3
@@ -0,0 +1,10 @@
+The ModSecurity-nginx connector is the connection point between Nginx and
+libmodsecurity (ModSecurity v3). Said another way, this project provides a
+communication channel between Nginx and libmodsecurity. This connector is
+required to use LibModSecurity with Nginx.
+
+The ModSecurity-nginx connector takes the form of an Nginx module. The module
+simply serves as a layer of communication between Nginx and ModSecurity.
+
+Notice that this project depends on libmodsecurity rather than ModSecurity
+(version 2.9 or less).
diff --git a/www/nginx/pkg/PLIST-modsecurity3 b/www/nginx/pkg/PLIST-modsecurity3
new file mode 100644
index 0000000..d75d428
--- /dev/null
+++ b/www/nginx/pkg/PLIST-modsecurity3
@@ -0,0 +1,2 @@
+@comment $OpenBSD: PLIST-modsecurity3,v$
+@so ngx_http_modsecurity_module.so
