Because the nginx version in the modsecurity3-nginx port is 1.22 and the port does not always compile successfully, ModSecurity can be compiled from source instead.
The compiled ModSecurity can be safely included in nginx from ports.
Everything (nginx and modsecurity3-nginx) can be compiled by running compile-nginx.sh:
compile-modsecurity.sh :
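#!/bin/sh
# Build libModSecurity (v3) from source and fetch the ModSecurity-nginx
# connector next to it, so that an nginx build in a sibling directory can use
# ../ModSecurity-nginx as a dynamic module.
#
# This script only builds libModSecurity; it does not install it.
#
# Optional environment overrides (defaults keep the original behaviour):
#   MODSEC_REF     branch or tag of ModSecurity to build (default: v3/master)
#   CONNECTOR_REF  branch or tag of ModSecurity-nginx (default: repo default branch)
#
# Supply-chain note: the defaults track moving branch tips, and ./build.sh
# executes whatever code is at that tip. For a WAF that sits in front of
# production traffic, pin both refs to a release tag you have reviewed so the
# build is reproducible.
# NOTE(review): the ModSecurity project has since moved to the OWASP
# organisation on GitHub, so these URLs presumably rely on a redirect.
# Confirm the canonical repository location before depending on them.

# Abort on the first failing command and on unset variables. Without this, a
# failed `cd` lets the following commands run in the wrong directory.
set -eu

MODSEC_REF="${MODSEC_REF:-v3/master}"
CONNECTOR_REF="${CONNECTOR_REF:-}"

# libModSecurity
rm -rf ModSecurity
git clone --depth 1 -b "${MODSEC_REF}" --single-branch https://github.com/SpiderLabs/ModSecurity
(
    # Subshell: the working directory is restored automatically, so no `cd ..`
    # is needed and a failure cannot leave the caller one level too high.
    cd ModSecurity
    # A fresh clone is already at the branch tip, so no `git pull` is needed.
    git submodule update --init
    ./build.sh
    ./configure
    gmake -j4
)

# nginx connector
# The directory name must match the repository name exactly
# ("ModSecurity-nginx"). The old spelling "Modsecurity-nginx" does not exist on
# a case-sensitive filesystem, so the stale checkout was never removed and the
# later `cd` failed.
rm -rf ModSecurity-nginx
if [ -n "${CONNECTOR_REF}" ]; then
    git clone --depth 1 -b "${CONNECTOR_REF}" https://github.com/SpiderLabs/ModSecurity-nginx.git
else
    git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
fi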
compile-nginx.sh:
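#!/bin/sh
# Download, configure, build and install nginx with the ModSecurity-nginx
# connector compiled as a dynamic module.
#
# Steps: fetch the nginx tarball (cached between runs), unpack a pristine
# source tree, run ./compile-modsecurity.sh to prepare ../ModSecurity-nginx,
# then configure, build and install nginx.
#
# Optional environment override:
#   NGINX_SHA256  expected SHA-256 of the tarball; when set, a mismatch aborts
#                 the build.

# Abort on the first failing command and on unset variables, so a failed
# download, extract, `cd` or ./configure never falls through to later steps.
set -eu

ver="1.28.0"
tarball="nginx-${ver}.tar.gz"

if [ ! -f "${tarball}" ]; then
    # Fetch over HTTPS rather than plain HTTP. Download to a temporary name and
    # rename only on success, so an interrupted transfer is not mistaken for a
    # cached tarball on the next run.
    wget -O "${tarball}.part" "https://nginx.org/download/${tarball}"
    mv "${tarball}.part" "${tarball}"
fi

# Optional integrity check. TLS protects the transfer only, so set NGINX_SHA256
# to a digest obtained from a source you trust. nginx.org also publishes a
# detached PGP signature (<tarball>.asc) next to each release, which can be
# verified out of band.
if [ -n "${NGINX_SHA256:-}" ]; then
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "${tarball}" | cut -d' ' -f1)
    else
        actual=$(sha256 -q "${tarball}")
    fi
    if [ "${actual}" != "${NGINX_SHA256}" ]; then
        echo "Checksum mismatch for ${tarball}" >&2
        exit 1
    fi
fi

# Always start from a pristine source tree.
rm -rf "nginx-${ver}"
tar xvf "${tarball}"

# Builds libModSecurity and fetches the connector into ./ModSecurity-nginx.
./compile-modsecurity.sh

cd "nginx-${ver}"

# -DNGX_HAVE_INET6=0 forces that macro to 0 at compile time (presumably to
# build without IPv6; confirm this is intended).
# NOTE(review): compile-modsecurity.sh builds libModSecurity but never installs
# it. The -I/-L paths below point at /usr/local, so the connector presumably
# links against a libmodsecurity already installed there (e.g. from ports).
# Confirm which copy is actually used.
./configure \
    --prefix=/usr/local/nginx \
    --pid-path=/var/run/nginx.pid \
    --with-cc-opt='-DNGX_HAVE_INET6=0 -I /usr/local/include' \
    --with-ld-opt='-L /usr/local/lib' \
    --user=www \
    --group=www \
    --with-file-aio \
    --with-google_perftools_module \
    --with-http_v2_module \
    --with-http_addition_module \
    --with-http_auth_request_module \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_mp4_module \
    --with-http_random_index_module \
    --with-http_realip_module \
    --with-pcre \
    --with-http_secure_link_module \
    --with-http_slice_module \
    --with-http_ssl_module \
    --with-http_stub_status_module \
    --with-http_sub_module \
    --without-mail_imap_module \
    --without-mail_pop3_module \
    --without-mail_smtp_module \
    --with-stream_ssl_module \
    --with-stream_ssl_preread_module \
    --with-threads \
    --with-stream=dynamic \
    --with-http_v3_module \
    --add-dynamic-module=../ModSecurity-nginx

# Test make's status directly; a separate `$?` check would never run under
# `set -e`.
if make -j4
then
    echo "Compilation successful"
else
    echo "Compilation failed"
    exit 1
fi

# Installs under the --prefix given above (/usr/local/nginx), so the caller
# needs write permission there.
make install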