Issue with mod_security3
Matt Garber
matt.garber at gmail.com
Tue Jan 22 19:03:06 UTC 2019
On Jan 22, 2019, at 1:54 PM, Gregory Byshenk <freebsd at byshenk.net> wrote:
>
> On Tue, Jan 22, 2019 at 11:29:01AM -0500, SoftwareInforJam wrote:
>
>> I am have a queer problem with the port mod_security3. I
>> actually want to set it up to work with NGINX. The port
>> /usr/ports/www/mod_security3 exists but when I do a
>> # pkg install mod_security3
>> I get
>> ???pkg: No packages available to install matching 'mod_security3'
>> have been found in the repositories???
>>
>> When I do a pkg search ???mod_security*??? only
>> ap24-mod_security-2.9.2_3 Intrusion detection and prevention
>> engine. So only version 2.9 shows up. Not sure why this is
>> happening. Can anyone shed some light on this please?
>
> I'm no expert on mod_security, but my guess, based on reading
> https://www.linuxjournal.com/content/modsecurity-and-nginx,
> is that previous (to v3) versions of mod_security worked
> _only_ with apache.
>
> And it seems likely that the port has not yet been updated to
> the newest v3.
>
> Also based on the article, it seems that getting even mod_security
> v3 to work with nginx is slightly complicated, as building it
> depends on the specific version of nginx that is installed.
ModSecurity 3 – working natively with nginx – is significantly different than prior versions, although in this case I think it’s merely a matter of not searching for the correct package name: here are the two packages (not ports) available – note the name change for v3. You’ll need to install ‘modsecurity3’ via packages for that version. (Your search for mod_security* was too restrictive and didn’t show you the v3 package, since it omits the underscore.)
$ pkg search mod | grep security
ap24-mod_security-2.9.2_3 Intrusion detection and prevention engine
modsecurity3-3.0.3_1 Intrusion detection and prevention engine
Thanks,
—
Matt Garber
More information about the freebsd-stable
mailing list