From owner-freebsd-stable@freebsd.org Tue Jan 22 19:03:06 2019 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B8B7E14ABCCE for ; Tue, 22 Jan 2019 19:03:05 +0000 (UTC) (envelope-from matt.garber@gmail.com) Received: from mail-qt1-x843.google.com (mail-qt1-x843.google.com [IPv6:2607:f8b0:4864:20::843]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DA51E6ABD1 for ; Tue, 22 Jan 2019 19:03:04 +0000 (UTC) (envelope-from matt.garber@gmail.com) Received: by mail-qt1-x843.google.com with SMTP id l11so28965488qtp.0 for ; Tue, 22 Jan 2019 11:03:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=CTOPJJ2ofKV56adK53AH9nejyu2lcbk1BQWbDDrI8eY=; b=VM0dutVQ2LZeZdAGsLeDDpYmQC8W9Fvm+brJ+JuA6xXnadZADo7YfoOV5wxiud6F7q TLaq4L+YN5+6Ko/fx3d07rOTPAbps+8bUJw5O6KmV0XoHkvUUqdadESdBUpWCh6wrWER LFwz0uSiKZFKUeldw2Xb8KL6ge6kgunROtyU3PQ9FBF+XkaFWA7CSa5qrF2PAD1+HT+K vbk1Mqa9nHzBBvPvsZZu/v28AObtpJXUzj9ADhiZdsDMgwO5qIxEAgvFiW4NbLCzRd4s A1HZ+/UyqdLQvvi7m5S1WVBn/96tLpA0SoHyWqvxv3VuSCrJ0LG2ZGSPK0qWou0e1mra s64Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=CTOPJJ2ofKV56adK53AH9nejyu2lcbk1BQWbDDrI8eY=; b=D0yqlDsxY2bwPk2baceEaJPBJ7KG9YTqLwtdgHju0QEQRRIlbp9bMOfF6Pt0FJH52t 70geoe3NSN/hZjIMIWTCY2BI0wm0t+VpVR8cNdPr9yZBGAMKQJh8MR1TCzihY/StkD1D 8ln83r1SoXgzrflziB8tHkZHpVjORMI1uv8flOHiEsRlhSI+aT4GoesG8Y3K/3vUg1Gv lLY/jmyeAWLLlStQEO7iA5Skx5aqPhirj8jXkfrCilIayQtVTQRLSYMoSxR0vFvFuQcB k93Tu6DfoKMVJm6OZu0aHYo4LT1TvP9ZRbsIjIvwA6l2KZERpTFhxkcHrjRVSAbG6LAD ZO8Q== X-Gm-Message-State: AJcUukctG0NTgtIIoZrau/zUirRmZjk0b/Ex91bjFHFl6Vbq46w0WnRe z4fLaAmQmmuF/oW6HqqZbERFem+2 X-Google-Smtp-Source: ALg8bN509uhAlqsfJJldgQMcXEqWKgn3E55f58JrC27mYWGf2+wNsAdSl9ZKSkd3oihsDxOCtRr+gQ== X-Received: by 2002:aed:242e:: with SMTP id r43mr33418247qtc.128.1548183784410; Tue, 22 Jan 2019 11:03:04 -0800 (PST) Received: from [10.137.65.250] ([216.151.191.251]) by smtp.gmail.com with ESMTPSA id t5sm43507642qkl.14.2019.01.22.11.03.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 Jan 2019 11:03:03 -0800 (PST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: Issue with mod_security3 From: Matt Garber In-Reply-To: <20190122185438.GC85865@v1.leiden.byshenk.net> Date: Tue, 22 Jan 2019 14:03:02 -0500 Cc: "freebsd-stable@freebsd.org" Content-Transfer-Encoding: quoted-printable Message-Id: <6F9FCA4E-1368-4122-8EBC-5389B90C7FFB@gmail.com> References: <5c4744cd.1c69fb81.7b84f.5450@mx.google.com> <20190122185438.GC85865@v1.leiden.byshenk.net> To: Gregory Byshenk , SoftwareInforJam X-Mailer: Apple Mail (2.3445.102.3) X-Rspamd-Queue-Id: DA51E6ABD1 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=VM0dutVQ; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of mattgarber@gmail.com designates 2607:f8b0:4864:20::843 as permitted sender) smtp.mailfrom=mattgarber@gmail.com X-Spamd-Result: default: False [-4.10 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; MV_CASE(0.50)[]; FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; NEURAL_HAM_SHORT(-0.98)[-0.976,0]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[3.4.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(-0.61)[ip: (1.38), ipnet: 2607:f8b0::/32(-2.48), asn: 15169(-1.89), country: US(-0.08)] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jan 2019 19:03:06 -0000 On Jan 22, 2019, at 1:54 PM, Gregory Byshenk = wrote: >=20 > On Tue, Jan 22, 2019 at 11:29:01AM -0500, SoftwareInforJam wrote: >=20 >> I am have a queer problem with the port mod_security3. I >> actually want to set it up to work with NGINX. The port >> /usr/ports/www/mod_security3 exists but when I do a=20 >> # pkg install mod_security3=20 >> I get=20 >> ???pkg: No packages available to install matching 'mod_security3' >> have been found in the repositories??? >>=20 >> When I do a pkg search ???mod_security*??? only >> ap24-mod_security-2.9.2_3 Intrusion detection and prevention >> engine. So only version 2.9 shows up. Not sure why this is >> happening. Can anyone shed some light on this please? >=20 > I'm no expert on mod_security, but my guess, based on reading > https://www.linuxjournal.com/content/modsecurity-and-nginx, > is that previous (to v3) versions of mod_security worked > _only_ with apache. >=20 > And it seems likely that the port has not yet been updated to > the newest v3. >=20 > Also based on the article, it seems that getting even mod_security > v3 to work with nginx is slightly complicated, as building it > depends on the specific version of nginx that is installed. ModSecurity 3 =E2=80=93 working natively with nginx =E2=80=93 is = significantly different than prior versions, although in this case I = think it=E2=80=99s merely a matter of not searching for the correct = package name: here are the two packages (not ports) available =E2=80=93 = note the name change for v3. You=E2=80=99ll need to install = =E2=80=98modsecurity3=E2=80=99 via packages for that version. (Your = search for mod_security* was too restrictive and didn=E2=80=99t show you = the v3 package, since it omits the underscore.) $ pkg search mod | grep security ap24-mod_security-2.9.2_3 Intrusion detection and prevention engine modsecurity3-3.0.3_1 Intrusion detection and prevention engine Thanks, =E2=80=94 Matt Garber