4

I am trying to compile ModSecurity for the Nginx OSS web server. I have followed all of the instructions from their "Quick Start Guide", but am running into an issue. After linking up the new module, the config test fails.

Error output from /var/log/nginx/error.log is:

2018/02/10 00:47:51 [emerg] 6026#6026: module "/usr/share/nginx/modules/ngx_http_modsecurity_module.so" is not binary compatible in /etc/nginx/modules-enabled/50-mod-http-modsecurity.conf:1

originally the dynamic module was compiled with

sh ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx

but this results in the error.

from what I've read, I need to compile the module with identical options as the existing Nginx instance.

I found the current options using nginx -V, and then re-ran the ./configure using all of the output options, but this gives the same error.

Can anyone point me down the right path here?

Thanks for any help.

UPDATE 10/29/18

It seems the original binary also needs to be compiled with the --with-compat flag. I have submitted a bug report on the issue that can be found here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897926

Maybe it can get some traction.

Andrew Brown
  • 5,330
  • 3
  • 22
  • 39
  • Hi Andrew Brown, could you solve the issue? If so then how? Me too is facing the same issue. My Nginx version is 1.10.3. Thanks – Mushfiqur Rahman Nov 30 '18 at 04:43
  • I have not seen any movement on the bug report, but apparently the newest Nginx in the Ubuntu repository is compiled with `--with-compat`! hooray! I'm still messing around with getting it setup completely, but I've made it farther that ever before. You'll probably have to upgrade from 1.10.3. – Andrew Brown Nov 30 '18 at 18:24

1 Answers1

1

I had a similar issue. I was using Nginx 1.10.3 which is the default for Debian Stretch. This version does not seem to work with the latest Nginx ModSecurity connector.

I removed the default Nginx version and installed the latest stable Nginx from http://nginx.org/en/linux_packages.html. After that I was able to install and load the ModSecurity module for Nginx without problems. I followed this guide: https://www.linuxjournal.com/content/modsecurity-and-nginx for installing the ModSecurity module for Nginx.

The latest stable version of Nginx which is 1.14.2 supports the --with-compat flag. When compiling Nginx source code make sure to use the same compiler options that were used with your running Nginx. To find out which compile time options were used to build your currently running Nginx, run the command: nginx -V

Nadir Latif
  • 3,690
  • 1
  • 15
  • 24