@@ -1150,6 +1150,7 @@ F: package/dtbocfg/
F: package/libdbi/
F: package/libdbi-drivers/
F: package/lua-augeas/
+F: package/modsecurity2/
F: support/testing/tests/package/test_dtbocfg.py
F: support/testing/tests/package/test_lua_augeas.py
@@ -1991,6 +1992,7 @@ F: package/bmap-tools/
F: package/libdbi/
F: package/libdbi-drivers/
F: package/lua-augeas/
+F: package/modsecurity2/
F: package/php-xdebug/
F: package/python-augeas/
F: package/python-flask-expects-json/
@@ -2097,6 +2097,11 @@ menu "Networking applications"
source "package/aircrack-ng/Config.in"
source "package/aoetools/Config.in"
source "package/apache/Config.in"
+if BR2_PACKAGE_APACHE
+menu "External Apache modules"
+ source "package/modsecurity2/Config.in"
+endmenu
+endif
source "package/argus/Config.in"
source "package/arp-scan/Config.in"
source "package/arptables/Config.in"
new file mode 100644
@@ -0,0 +1,12 @@
+config BR2_PACKAGE_MODSECURITY2
+ bool "modsecurity2"
+ depends on BR2_PACKAGE_APACHE
+ select BR2_PACKAGE_LIBXML2
+ help
+ ModSecurity is an open source, cross-platform web application
+ firewall (WAF) module. Known as the "Swiss Army Knife" of
+ WAFs, it enables web application defenders to gain visibility
+ into HTTP(S) traffic and provides a power rules language and
+ API to implement advanced protections.
+
+ https://github.com/SpiderLabs/ModSecurity
new file mode 100644
@@ -0,0 +1,3 @@
+# Locally computed
+sha256 686695c650449a338757711254ea78c67dedb1d258e03e5c8686f869388fff8c modsecurity2-2.9.4.tar.gz
+sha256 2c564f5a67e49e74c80e5a7dcacd1904e7408f1fd6a95218b38c04f012d94cb9 LICENSE
new file mode 100644
@@ -0,0 +1,21 @@
+################################################################################
+#
+# modsecurity2
+#
+################################################################################
+
+MODSECURITY2_VERSION = 2.9.4
+MODSECURITY2_SITE = $(call github,SpiderLabs,ModSecurity,v$(MODSECURITY2_VERSION))
+MODSECURITY2_LICENSE = Apache-2.0
+MODSECURITY2_LICENSE_FILES = LICENSE
+MODSECURITY2_INSTALL_STAGING = YES
+MODSECURITY2_DEPENDENCIES = apache libxml2
+MODSECURITY2_AUTORECONF = YES
+
+MODSECURITY2_CONF_OPTS += --with-pcre=$(STAGING_DIR)/usr/bin/pcre-config \
+ --with-libxml=$(STAGING_DIR)/usr \
+ --with-apr=$(STAGING_DIR)/usr/bin/apr-1-config \
+ --with-apu=$(STAGING_DIR)/usr/bin/apu-1-config \
+ --with-apxs=$(STAGING_DIR)/usr/bin/apxs
+
+$(eval $(autotools-package))
The modsecurity2 package provides an Apache module implementing a web application firewall (WAF) module. Based on initial work from Tom Marcuzzi <tom.marcuzzi@orolia.com> and Nicolas Carrier <nicolas.carrier@orolia.com> modsecurity2 will be superseeded sooner or later by modsecurity v3 ie. libmodsecurity [1] and its Apache connector [2]. libmodsecurity is already supported in Buildroot with its Nginx connector. According to the Apache connector web page and the discussion [3], the Apache connector is not ready for production use. [1] https://github.com/SpiderLabs/ModSecurity [2] https://github.com/SpiderLabs/ModSecurity-apache [3] https://github.com/SpiderLabs/ModSecurity-apache/issues/80 The best we can do now is to still use modsecurity2 (v2.9.x) for Apache: https://github.com/SpiderLabs/ModSecurity/tree/v2/master Signed-off-by: Herve Codina <herve.codina@bootlin.com> --- A previous version was submitted but never merged: https://lore.kernel.org/buildroot/20191121172845.25958-1-tom.marcuzzi@orolia.com/ The patch was marked "superseeded" probably wrongly with the introduction of modsecurity v3 (libmodsecurity and its Nginx connector) DEVELOPERS | 2 ++ package/Config.in | 5 +++++ package/modsecurity2/Config.in | 12 ++++++++++++ package/modsecurity2/modsecurity2.hash | 3 +++ package/modsecurity2/modsecurity2.mk | 21 +++++++++++++++++++++ 5 files changed, 43 insertions(+) create mode 100644 package/modsecurity2/Config.in create mode 100644 package/modsecurity2/modsecurity2.hash create mode 100644 package/modsecurity2/modsecurity2.mk