Hi!

Bluhm submitted security/libmodsecurity a while ago, and this diff adds the
ModSecurity3 connector to the nginx port, which is required for building a web
application firewall using ModSecurity3.

Would be nice if this could be added to nginx.

Thanks a lot for your work maintaining the port!

Greetings,
Matthias

Index: Makefile
===================================================================
RCS file: /mount/cvsdev/openbsd/cvs/ports/www/nginx/Makefile,v
diff -u -p -r1.184 Makefile
--- Makefile    19 Aug 2024 14:55:56 -0000      1.184
+++ Makefile    16 Jan 2025 13:25:39 -0000
@@ -10,6 +10,7 @@ COMMENT-image_filter= nginx image filter
 COMMENT-ldap_auth=     nginx LDAP authentication module
 COMMENT-lua=           nginx lua scripting (lua-nginx-module and ngx_devel_kit)
 COMMENT-mailproxy=     nginx mail proxy module
+COMMENT-modsecurity3=  nginx module for ModSecurity
 COMMENT-naxsi=         nginx web application firewall module
 COMMENT-njs=           nginx javascript scripting module
 COMMENT-passenger=     nginx passenger (ruby/python/nodejs) integration module
@@ -31,6 +32,7 @@ PKGNAME-image_filter= nginx-image_filter
 PKGNAME-ldap_auth=     nginx-ldap_auth-${VERSION}
 PKGNAME-lua=           nginx-lua-${VERSION}
 PKGNAME-mailproxy=     nginx-mailproxy-${VERSION}
+PKGNAME-modsecurity3=  nginx-modsecurity3-${VERSION}
 PKGNAME-naxsi=         nginx-naxsi-${VERSION}
 PKGNAME-njs=           nginx-njs-${VERSION}
 PKGNAME-passenger=     nginx-passenger-${VERSION}
@@ -57,6 +59,7 @@ DIST_TUPLE=   \
        github nginx njs 0.8.4 njs \
        github arut nginx-rtmp-module v1.2.2 nginx-rtmp-module \
        github nginx-modules ngx_http_hmac_secure_link_module 
48c4625fbbf51ed5a95bfec23fa444f6c3702e50 ngx_http_hmac_secure_link_module \
+       github owasp-modsecurity ModSecurity-nginx v1.0.3 ModSecurity-nginx
 
 HOMEPAGE=      https://nginx.org/
 
@@ -65,6 +68,7 @@ HOMEPAGE-geoip2=      https://github.com/leev
 HOMEPAGE-headers_more= https://github.com/openresty/headers-more-nginx-module
 HOMEPAGE-ldap_auth=    https://github.com/kvspb/nginx-auth-ldap
 HOMEPAGE-lua=          https://github.com/openresty/lua-nginx-module
+HOMEPAGE-modsecurity3= https://github.com/owasp-modsecurity/ModSecurity-nginx
 HOMEPAGE-naxsi=                https://github.com/wargio/naxsi
 HOMEPAGE-njs=          https://github.com/nginx/njs
 HOMEPAGE-passenger=    https://www.phusionpassenger.com/
@@ -80,11 +84,11 @@ MULTI_PACKAGES =    -main -naxsi -perl ${MO
 
 MODULE_PACKAGES =      -cache_purge -geoip2 -headers_more \
                        -image_filter -ldap_auth -lua -mailproxy \
-                       -njs -passenger -rtmp -securelink -stream \
-                       -xslt
+                       -modsecurity3 -njs -passenger -rtmp \
+                       -securelink -stream -xslt
 
 FLAVOR ?=
-PSEUDO_FLAVORS =       no_lua no_njs no_passenger
+PSEUDO_FLAVORS =       no_lua no_modsecurity3 no_njs no_passenger
 
 COMPILER =             base-clang ports-gcc base-gcc
 
@@ -98,6 +102,9 @@ WANTLIB-image_filter=        gd
 WANTLIB-ldap_auth=     ldap
 WANTLIB-lua=           ${MODLUA_WANTLIB} m pcre
 WANTLIB-mailproxy=
+WANTLIB-modsecurity3=  ${COMPILER_LIBCXX} c curl crypto iconv lzma m \
+                       maxminddb modsecurity nghttp2 nghttp3 ngtcp2 \
+                       ngtcp2_crypto_quictls pcre pcre2-8 pthread ssl xml2 yajl
 WANTLIB-naxsi=
 WANTLIB-njs=           exslt m xml2 xslt
 WANTLIB-passenger=     m pthread ${COMPILER_LIBCXX}
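Review bot: WANTLIB-modsecurity3 lists `curl` and `lzma`, but the LIB_DEPENDS-modsecurity3 hunk further down names no port that obviously provides either of them directly; presumably both are reached through security/libmodsecurity. It is worth confirming the list against the output of `make port-lib-depends-check` on the built module, so that the subpackage records exactly the libraries ngx_http_modsecurity_module.so links. A one-line comment such as `# most of these are pulled in via libmodsecurity` above the assignment would explain why a connector module carries this many entries.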
@@ -114,6 +121,16 @@ LIB_DEPENDS-image_filter=graphics/gd
 LIB_DEPENDS-ldap_auth= databases/openldap
 LIB_DEPENDS-lua=       ${MODLUA_LIB_DEPENDS} \
                        devel/pcre
+LIB_DEPENDS-modsecurity3=      converters/libiconv \
+                               devel/libyajl \
+                               devel/pcre \
+                               devel/pcre2 \
+                               net/libmaxminddb \
+                               net/ngtcp2 \
+                               security/libmodsecurity \
+                               textproc/libxml \
+                               www/nghttp2 \
+                               www/nghttp3
 LIB_DEPENDS-njs=       devel/pcre2 \
                        textproc/libxslt \
                        textproc/libxml
@@ -155,6 +172,12 @@ MODULES+=          lang/lua
 CONFIGURE_ENV+=                MODLUA_INCL_DIR=${MODLUA_INCL_DIR} \
                        MODLUA_LIB=${MODLUA_LIB}
 CONFIGURE_ARGS+=       --add-dynamic-module=${WRKSRC}/lua-nginx-module
+.endif
+
+.if ${BUILD_PACKAGES:M-modsecurity3}
+CONFIGURE_ENV+=                
MODSECURITY_INC=${LOCALBASE}/include/modsecurity \
+                       MODSECURITY_LIB=${LOCALBASE}/lib
+CONFIGURE_ARGS+=       --add-dynamic-module=${WRKSRC}/ModSecurity-nginx
 .endif
 
 .if ${BUILD_PACKAGES:M-passenger}
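Review bot: `MODSECURITY_INC` points at `${LOCALBASE}/include/modsecurity`, and whether that is the right level depends on how the connector's configure script includes the headers. If it includes them as `modsecurity/modsecurity.h` (worth checking in ModSecurity-nginx's `config` file), the variable should be `MODSECURITY_INC=${LOCALBASE}/include`. In that case the current value would only work when `${LOCALBASE}/include` is already on the compiler's search path from elsewhere in the port. The block also has no comment; something like `# ModSecurity-nginx's config reads MODSECURITY_INC/MODSECURITY_LIB to locate libmodsecurity` would help the next maintainer.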
Index: distinfo
===================================================================
RCS file: /mount/cvsdev/openbsd/cvs/ports/www/nginx/distinfo,v
diff -u -p -r1.88 distinfo
--- distinfo    19 Aug 2024 14:55:56 -0000      1.88
+++ distinfo    13 Jan 2025 10:41:14 -0000
@@ -9,6 +9,7 @@ SHA256 (nginx-modules-ngx_http_hmac_secu
 SHA256 (nginx-njs-0.8.4.tar.gz) = /hl+JUIEwV6fHfCs83Wt1XvjQWkB7I17hzGdzLSQ+Q0=
 SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) = 
DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM=
 SHA256 (openresty-lua-nginx-module-v0.10.11.tar.gz) = 
wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
+SHA256 (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) = 
MqQiVmFsxnTcokyGVDlzkK3/FbiIt363TgaH8CPIdRs=
 SHA256 (vision5-ngx_devel_kit-v0.3.3.tar.gz) = 
+qL81RaLEHZNNQgTVlEdX4TbXFJqGqS2rdLblLaFOys=
 SIZE (FRiCKLE-ngx_cache_purge-2.3.tar.gz) = 11717
 SIZE (arut-nginx-rtmp-module-v1.2.2.tar.gz) = 519934
@@ -21,4 +22,5 @@ SIZE (nginx-modules-ngx_http_hmac_secure
 SIZE (nginx-njs-0.8.4.tar.gz) = 743910
 SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827
 SIZE (openresty-lua-nginx-module-v0.10.11.tar.gz) = 616653
+SIZE (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) = 34063
 SIZE (vision5-ngx_devel_kit-v0.3.3.tar.gz) = 66561
Index: pkg/DESCR-modsecurity3
===================================================================
RCS file: pkg/DESCR-modsecurity3
diff -N pkg/DESCR-modsecurity3
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ pkg/DESCR-modsecurity3      13 Jan 2025 12:46:53 -0000
@@ -0,0 +1,3 @@
+The ModSecurity-nginx module provides a connector for libmodsecurity to nginx.
+
+WWW: https://github.com/SpiderLabs/ModSecurity-nginx
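Review bot: The `WWW:` line points at the SpiderLabs organisation, while the Makefile part of this diff fetches the source from `owasp-modsecurity` in DIST_TUPLE and sets HOMEPAGE-modsecurity3 to `https://github.com/owasp-modsecurity/ModSecurity-nginx`. Users follow this link to find upstream releases and security advisories, so the two should agree. Either change the line to `WWW: https://github.com/owasp-modsecurity/ModSecurity-nginx` or drop it and rely on HOMEPAGE-modsecurity3.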
Index: pkg/PLIST-modsecurity3
===================================================================
RCS file: pkg/PLIST-modsecurity3
diff -N pkg/PLIST-modsecurity3
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ pkg/PLIST-modsecurity3      16 Jan 2025 13:25:51 -0000
@@ -0,0 +1 @@
+ngx_http_modsecurity_module.so

Attachment: smime.p7s
Description: S/MIME cryptographic signature
