Hi Tan,

I do agree with you that nginx version (as IIS) will be even better with less dependencies of Apache or libapr. But I am afraid to say that currently ModSecurity core is very dependent of the libapr. For various things, for instance, memory management. 

You are not the first one to ask about that, so i've opened an META-Issue to track ideas and efforts on the subject. Here goes the link: https://github.com/SpiderLabs/ModSecurity/issues/661

These dependencies exists due to historical reasons. I believe that, as ModSecurity will achieving new functionalities and bugs will be fixed, those dependencies will be being minimized.

IMHO, to have our standalone version independent of Apache, and others that are not strictly necessary is an excellent goal. Contributions to boost up this process are very welcomed.

Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs


On Feb 10, 2014, at 3:30 AM, 谭锋 <tanfeng@leadsec.com.cn> wrote:

Hi all:
We have been using mod_security for Nginx for over two years, current
mod_security still depends too much
upon Apache stuffs: apr,apr-util,and even httpd, in compiling  or running
time, which are quite strange
and of no reason for we Nginx and IIS users, giving us an extremely complex
task and heavy burden in building, porting and tuning.
We are expecting when mod_security for Nginx is no longer a wrapper of a
module for Apache.

Tan Feng

Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
mod-security-developers mailing list
ModSecurity Services from Trustwave's SpiderLabs:

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.