Closed theseion closed 7 months ago
We include the necessary files in https://github.com/coreruleset/modsecurity-crs-docker/blob/61bc83de721c0ccbd2d6d582512a10926d383d5e/apache/Dockerfile#L23, but looks like the configure script isn't finding those.
The docs say to LoadFile
Lua before ModSecurity: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#edit-the-main-apache-httpd-config-file-usually-httpdconf. We're probably not doing that.
It looks like it should work to do something like this (httpd actually appears to start with this):
LoadFile /usr/lib/aarch64-linux-gnu/liblua5.2.so.0.0.0
The path isn't great obviously, maybe wen can abstract it, or discover the file using find
.
Good plan.
And please try to support lua 5.4 if available. Did not test that, though. Lua 5.2 seems really old by now.
So... Lua support is actually enabled and works (for httpd at least). I'm checking the other images now.
And please try to support lua 5.4 if available. Did not test that, though. Lua 5.2 seems really old by now.
5.3 is the highest version supported by ModSecurity.
Ah sucks. Everything is old and rusty around ModSecurity.
ModSecurity has a
SecRuleScript
directive, which requires Lua support. We currently don't compile with Lua support.