Hi Derek,

ARM won't be a problem. We do have ModSecurity/ARM _compiled_ and _tested_ through our build farm. Here you can access the logs:


We are using a Beagle Bone Black to compile and to test it. It is running Ubuntu linux with RobertCNelson's kernel.

I believe that you are facing a problem with your cross compiling environment. Can you share more details about your host system?
How you are trying to make this cross-compilation? Do you have Scratchbox? OpenEmbeeded? are you using Linaro's gcc?

So far, I can tell you that the "config" script, which will be later used by Nginx, is generated while you got ModSecurity configured as standalone module. It is done that way to reflect on the Nginx configuration the very same options that you have used in ModSecurity compilation. If your cross compiling is replacing the CFLAGS/LDFLAGS with something else, you probably is losing the right paths to the cross compiled dependencies. Check if it is replacing the cflags. You can have a look at: 

$ cat /your/path/to/ModSecurity/nginx/modsecurity/config

This file should contain the right paths to the cross compiled dependencies. Also check if, while compiling Nginx, this paths are being used by gcc. 

Other thing that you can do, is to check which libraries ModSecurity standalone so file is linked to, just to confirm that it is linked to the right dependencies (which should reflect your target compilation platform).

Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs


On Feb 22, 2014, at 10:51 PM, Derek Werthmuller <thewerthfam@gmail.com>

Working on setting modsecurity with nginx in a forward proxy configuration on a raspberry pi. 
I've got modsecurity building ok it seems. Have nginx building with out modsecurity ok.  But nginx will not link properly with modsecurity.

nginx 1.5.10
apache 2.2.26
modsecurity 2.7.7

Getting lots of messages like modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined reference to `apr_bucket_free'

nginx doesn't have a with-apr section in its configure script, so I figure this is referring to modsecurity's use of apr.

Also seems to be having trouble finding the libxml2 libraries.
Bunch of these messages too.
../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): In function `hash_response_body_links':
msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext'
msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression'

Any guidance on getting this compiled correctly?

Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
mod-security-developers mailing list
ModSecurity Services from Trustwave's SpiderLabs:

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.