From owner-freebsd-stable@freebsd.org Wed Jan 23 00:18:12 2019 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9A98B14B457D for ; Wed, 23 Jan 2019 00:18:12 +0000 (UTC) (envelope-from softwareinforjam@gmail.com) Received: from mail-vs1-xe2c.google.com (mail-vs1-xe2c.google.com [IPv6:2607:f8b0:4864:20::e2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id F063F80A4A for ; Wed, 23 Jan 2019 00:18:10 +0000 (UTC) (envelope-from softwareinforjam@gmail.com) Received: by mail-vs1-xe2c.google.com with SMTP id y27so275284vsi.1 for ; Tue, 22 Jan 2019 16:18:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:mime-version:to:from:subject:date:importance:in-reply-to :references; bh=mHPPxuNeJ5H3j0E94y95GiOAOr5INeoksa1e2ehb/50=; b=DP/+skZ1WzNbeBTWSe8/QHGczjLKLIwftDIdse1ofJSWP43kkXfBns8s1HOabXXUV+ i+O0izUKGXdSdEFDY8O2oeFD3cnn+QiwqJeq7/4LBh7ME9N7//dzSGPL8XH8C3QKK9V1 6+Fjsw3jNUjV9YKbPxuVfBrgadYnBsHE4F2uD5W2WtWHEH/fNl3hZacI15YfSypomogb vxbCrlZur+SltJz8DYm8RYm9nb+S8/ZNIUhfTCsbHwcAtZzNO6ew6HNCSZLjwMUB5rf3 NM4hUIna5eUZkD0OC7qewmr/aIPqpV2GUuuONX9hoNVw6tjkw70whPhGzIbX0rhuvMME kKZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:mime-version:to:from:subject:date :importance:in-reply-to:references; bh=mHPPxuNeJ5H3j0E94y95GiOAOr5INeoksa1e2ehb/50=; b=kYzBb4Z1ugp1TicHCHyP5/EhociBNIg7z8hQQBi7gL041T2mMl+zVR+1qzLmRI/Zgh LLuyAXNU1ITQezWD6dEN19+/UsCJpPBZLxYC2ChCvlHMv12tTeXEW+IDMkosk7jmuKmf QF3Jhn8IiO6zaC5KROJiaQWdVQOqGCh5o/GNs6YwLtG6tBF0KjXxAarnFeEQueSnNW4L pTBRhDdcWT6naf7HHmFNQZ9N1Adf3iZ9F2+A32AxfIpLCk9SA/uiUuj5e1d1ikgod2kT NMKmZzvr/DwZbgjUR0N0cc/BN2I1ErLn/EMI9Vf9PA6HFyWuU7XrlprP79EqFnKQ+X0F 3FWw== X-Gm-Message-State: AJcUuke+kPbTH1dPcNJUWDgu1dHuAZ8Qei3Y2GMFbvnniwCSmnbNeu0g m9mRg9e4ajmu2VEFxKkgOeV/fsBz X-Google-Smtp-Source: ALg8bN5vsIk0UjBMNQcPbDmJeSgESwSSLqYYcm1tNuKhipKPphmErfJP4QUQBYpVoRjVm21SB1zzFg== X-Received: by 2002:a67:a9c7:: with SMTP id m68mr21073vsh.19.1548202689722; Tue, 22 Jan 2019 16:18:09 -0800 (PST) Received: from ?IPv6:::ffff:192.10.1.165? ([208.131.167.134]) by smtp.gmail.com with ESMTPSA id h2sm24167586vka.8.2019.01.22.16.18.07 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 Jan 2019 16:18:08 -0800 (PST) Message-ID: <5c47b2c0.1c69fb81.ba7c2.95f3@mx.google.com> MIME-Version: 1.0 To: "freebsd-stable@freebsd.org" From: SoftwareInforJam Subject: RE: Issue with mod_security3 Date: Tue, 22 Jan 2019 19:18:08 -0500 Importance: normal X-Priority: 3 In-Reply-To: <5c476baa.1c69fb81.58970.0af8@mx.google.com> References: <5c4744cd.1c69fb81.7b84f.5450@mx.google.com> <20190122185438.GC85865@v1.leiden.byshenk.net> <5c476baa.1c69fb81.58970.0af8@mx.google.com> X-Rspamd-Queue-Id: F063F80A4A X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=DP/+skZ1; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of softwareinforjam@gmail.com designates 2607:f8b0:4864:20::e2c as permitted sender) smtp.mailfrom=softwareinforjam@gmail.com X-Spamd-Result: default: False [-5.55 / 15.00]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; URI_COUNT_ODD(1.00)[3]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; HAS_X_PRIO_THREE(0.00)[3]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; NEURAL_HAM_SHORT(-0.69)[-0.687,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_LAST(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-2.85)[ip: (-9.82), ipnet: 2607:f8b0::/32(-2.46), asn: 15169(-1.89), country: US(-0.08)]; RCVD_IN_DNSWL_NONE(0.00)[c.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; TO_DN_EQ_ADDR_ALL(0.00)[] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2019 00:18:12 -0000 Well I am making some progress I guess. Now modsecurity is installed and no= t orphaned. My challenge now is that I have been reading several documents = and all of them say I need to add the following to nginx.conf load_module modules/ngx_http_modsecurity.so; My challenge now is I can=E2=80=99t seem to find this module anywhere. I am= not sure what to do now. Isn=E2=80=99t this module needed for this to work= ? root@proxy:/usr/local/etc/nginx # find / -name "ngx_http_modsecurity*" /usr/ports/www/nginx/work/nginx-1.14.2/objs/addon/src/ngx_http_modsecurity_= body_filter.o /usr/ports/www/nginx/work/nginx-1.14.2/objs/addon/src/ngx_http_modsecurity_= rewrite.o /usr/ports/www/nginx/work/nginx-1.14.2/objs/addon/src/ngx_http_modsecurity_= log.o /usr/ports/www/nginx/work/nginx-1.14.2/objs/addon/src/ngx_http_modsecurity_= pre_access.o /usr/ports/www/nginx/work/nginx-1.14.2/objs/addon/src/ngx_http_modsecurity_= header_filter.o /usr/ports/www/nginx/work/nginx-1.14.2/objs/addon/src/ngx_http_modsecurity_= module.o /usr/ports/www/nginx/work/ModSecurity-nginx-71ede63/src/ngx_http_modsecurit= y_body_filter.c /usr/ports/www/nginx/work/ModSecurity-nginx-71ede63/src/ngx_http_modsecurit= y_common.h /usr/ports/www/nginx/work/ModSecurity-nginx-71ede63/src/ngx_http_modsecurit= y_header_filter.c /usr/ports/www/nginx/work/ModSecurity-nginx-71ede63/src/ngx_http_modsecurit= y_log.c /usr/ports/www/nginx/work/ModSecurity-nginx-71ede63/src/ngx_http_modsecurit= y_module.c /usr/ports/www/nginx/work/ModSecurity-nginx-71ede63/src/ngx_http_modsecurit= y_pre_access.c /usr/ports/www/nginx/work/ModSecurity-nginx-71ede63/src/ngx_http_modsecurit= y_rewrite.c Sent from Mail for Windows 10 From: SoftwareInforJam Sent: Tuesday, January 22, 2019 2:14 PM To: Gregory Byshenk; freebsd-stable@freebsd.org Subject: RE: Issue with mod_security3 Ah. Got that. Thank you. I had just assumed that the name would be the same= as the name of the port. I am going to try again. Thanks again. Sent from Mail for Windows 10 From: Gregory Byshenk Sent: Tuesday, January 22, 2019 1:54 PM To: freebsd-stable@freebsd.org; SoftwareInforJam Subject: Re: Issue with mod_security3 On Tue, Jan 22, 2019 at 11:29:01AM -0500, SoftwareInforJam wrote: > I am have a queer problem with the port mod_security3. I > actually want to set it up to work with NGINX. The port > /usr/ports/www/mod_security3 exists but when I do a=20 > # pkg install mod_security3=20 > I get=20 > ???pkg: No packages available to install matching 'mod_security3' > have been found in the repositories??? >=20 > When I do a pkg search ???mod_security*??? only > ap24-mod_security-2.9.2_3 Intrusion detection and prevention > engine. So only version 2.9 shows up. Not sure why this is > happening. Can anyone shed some light on this please? I'm no expert on mod_security, but my guess, based on reading https://www.linuxjournal.com/content/modsecurity-and-nginx, is that previous (to v3) versions of mod_security worked _only_ with apache. And it seems likely that the port has not yet been updated to the newest v3. Also based on the article, it seems that getting even mod_security v3 to work with nginx is slightly complicated, as building it depends on the specific version of nginx that is installed. --=20 gregory byshenk=C2=A0 -=C2=A0 gbyshenk@byshenk.net=C2=A0 -=C2=A0 Leiden, NL