package/modsecurity2: new package

The modsecurity2 package provides an Apache module implementing
a web application firewall (WAF) module.

Based on initial work from Tom Marcuzzi <tom.marcuzzi@orolia.com>
and Nicolas Carrier <nicolas.carrier@orolia.com>

modsecurity2 will be superseeded sooner or later by modsecurity v3
ie. libmodsecurity [1] and its Apache connector [2]. libmodsecurity
is already supported in Buildroot with its Nginx connector.
According to the Apache connector web page and the discussion [3],
the Apache connector is not ready for production use.

  [1] https://github.com/SpiderLabs/ModSecurity
  [2] https://github.com/SpiderLabs/ModSecurity-apache
  [3] https://github.com/SpiderLabs/ModSecurity-apache/issues/80

The best we can do now is to still use modsecurity2 (v2.9.x) for
Apache:
  https://github.com/SpiderLabs/ModSecurity/tree/v2/master

Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Herve Codina 2021-10-18 15:25:31 +02:00 committed by Thomas Petazzoni
parent 34ed9dae4d
commit 0d1da42fcc
5 changed files with 49 additions and 0 deletions

View File

@ -1160,6 +1160,7 @@ F: package/dtbocfg/
F: package/libdbi/
F: package/libdbi-drivers/
F: package/lua-augeas/
F: package/modsecurity2/
F: support/testing/tests/package/test_dtbocfg.py
F: support/testing/tests/package/test_lua_augeas.py
@ -2019,6 +2020,7 @@ F: package/bmap-tools/
F: package/libdbi/
F: package/libdbi-drivers/
F: package/lua-augeas/
F: package/modsecurity2/
F: package/php-pecl-dbus/
F: package/php-xdebug/
F: package/python-augeas/

View File

@ -2114,6 +2114,11 @@ menu "Networking applications"
source "package/aircrack-ng/Config.in"
source "package/aoetools/Config.in"
source "package/apache/Config.in"
if BR2_PACKAGE_APACHE
menu "External Apache modules"
source "package/modsecurity2/Config.in"
endmenu
endif
source "package/argus/Config.in"
source "package/arp-scan/Config.in"
source "package/arptables/Config.in"

View File

@ -0,0 +1,13 @@
config BR2_PACKAGE_MODSECURITY2
bool "modsecurity2"
depends on BR2_PACKAGE_APACHE
select BR2_PACKAGE_LIBXML2
select BR2_PACKAGE_PCRE
help
ModSecurity is an open source, cross-platform web application
firewall (WAF) module. Known as the "Swiss Army Knife" of
WAFs, it enables web application defenders to gain visibility
into HTTP(S) traffic and provides a power rules language and
API to implement advanced protections.
https://github.com/SpiderLabs/ModSecurity

View File

@ -0,0 +1,3 @@
# Locally computed
sha256 686695c650449a338757711254ea78c67dedb1d258e03e5c8686f869388fff8c modsecurity2-2.9.4.tar.gz
sha256 2c564f5a67e49e74c80e5a7dcacd1904e7408f1fd6a95218b38c04f012d94cb9 LICENSE

View File

@ -0,0 +1,26 @@
################################################################################
#
# modsecurity2
#
################################################################################
MODSECURITY2_VERSION = 2.9.4
MODSECURITY2_SITE = $(call github,SpiderLabs,ModSecurity,v$(MODSECURITY2_VERSION))
MODSECURITY2_LICENSE = Apache-2.0
MODSECURITY2_LICENSE_FILES = LICENSE
MODSECURITY2_INSTALL_STAGING = YES
MODSECURITY2_DEPENDENCIES = apache libxml2 pcre
MODSECURITY2_AUTORECONF = YES
MODSECURITY2_CONF_OPTS = \
--with-pcre=$(STAGING_DIR)/usr/bin/pcre-config \
--with-libxml=$(STAGING_DIR)/usr \
--with-apr=$(STAGING_DIR)/usr/bin/apr-1-config \
--with-apu=$(STAGING_DIR)/usr/bin/apu-1-config \
--with-apxs=$(STAGING_DIR)/usr/bin/apxs \
--without-curl \
--without-lua \
--without-yajl \
--without-ssdeep
$(eval $(autotools-package))