[Mod-security-developers] ModSecurity V2 as a dynamic nginx module

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi all,

We have been trying to test and try to "compile" ModSecurity V2 as a
dynamic module for Nginx.

*Nginx version: nginx/1.11.5 (nginx-plus-r11)*

We configure the ModSecurity V2 with these parameters:
*CFLAGS="$CFLAGS -fPIC" ./configure --enable-standalone-module
--disable-apache2-module --enable-pcre-jit*

Then we amend the resulting {{ModSecFolder}}/nginx/modsecurity/config file
by deleting everything except for CFLAGS and CORE_LIBS variables as well as
adding these lines:

*ngx_addon_name=ngx_http_modsecurityNGX_ADDON_SRCS="$NGX_ADDON_SRCS
\                $ngx_addon_dir/ngx_http_modsecurity.c \
$ngx_addon_dir/apr_bucket_nginx.c \
$ngx_addon_dir/ngx_pool_context.c"NGX_ADDON_DEPS="$NGX_ADDON_DEPS
\                $ngx_addon_dir/apr_bucket_nginx.h \
$ngx_addon_dir/ngx_pool_context.h"CORE_LIBS="$ngx_addon_dir/../../standalone/.libs/standalone.a
$CORE_LIBS"CORE_INCS="$CORE_INCS \        $ngx_addon_dir \
$ngx_addon_dir/../../standalone \
$ngx_addon_dir/../../apache2"ngx_module_type=HTTP_AUX_FILTERngx_module_name="$ngx_addon_name"ngx_module_srcs="$NGX_ADDON_SRCS"ngx_module_deps="$NGX_ADDON_DEPS"ngx_module_libs="$CORE_LIBS"ngx_module_incs="$CORE_INCS".
auto/module*

Then we build it using the nginx's dynamic module creation instructions
alongside with a few other modules.
The *"make modules" *command actually works and it produces a dynamic
library that you can load using the config. It even checks for
configuration errors and reports if there are any issues.

However,
upon runtime whenever the rules need to be actually run, this happens:

*Program received signal SIGFPE, Arithmetic exception.0x00007ffff5dc14a2 in
ngx_pool_set_ctx (pool=0x7fffef051c00, index=104,
data=data@entry=0x7fffef053278)    at
{{MODSECPATH}}/nginx/modsecurity/ngx_pool_context.c:131131
sizeof(hash)) % ngx_pool_context_hash_size;*

Looks like it's a division by 0, where ngx_pool_context_hash_size is a 0
and it seems never to be set via *ngx_pool_context_init_conf* function.

Our question is basically this: Has anyone tried and succeeded with
compiling a version of ModSecurity for nginx without using the currently in
development V3 (with the separate connector) ? Even if the dynamic module
is for the open source community version of nginx (rather than the ngnix+).

Many thanks,
Kestutis Armalis