`.deb` package upload `libnginx-mod-http-modsecurity` to `packages.debian.org`

[adrelanos]

Is there any chance you could please upload libnginx-mod-http-modsecurity to packages.debian.org?

The only major mod that is somehow missing in Debian.

//cc @airween because he's thankfully maintaining other Debian packages among modsecurity related packages.

https://qa.debian.org/developer.php?login=airween%40gmail.com

[airween]

Hi @adrelanos,

I already tried to add this packages twice: I asked the nginx's maintainer, but never got any answer. With @inittab (head maintainer of ModSecurity related packages in Debian) we tried later too, with still no luck.

I can still suggest to use our non-official repository:

https://modsecurity.digitalwave.hu

I know I'm a bit lagging with some versions, but libmodsecurity3 and mod-security2 is newer than in Debian. The web server versions (Nginx, Apache) is the same, so it's enough to install the WAF module from there, not the full server.

But I'll try to contact the Nginx maintainers again soon.

[airween]

Also please note, that even if it were added, it could only be accessed later, in Debian 12, because of the Debian policy does not allow to add any new packages for a stable system.

[adrelanos]

Oh, I didn't know it's up to Debian's nginx maintainer.

I can still suggest to use our non-official repository:

https://modsecurity.digitalwave.hu/

Yes, meanwhile it's a great public service and very much appreciated!

Also please note, that even if it were added, it could only be accessed later, in Debian 12, because of the Debian policy does not allow to add any new packages for a stable system.

Yes, that's understood. (Just would be nice if this was resolved at some point even if in a few years such as Debian stable + 1 or even Debian stable + 2.)

[airween]

Yes, that's understood. (Just would be nice if this was resolved at some point even if in a few years such as Debian stable + 1 or even Debian stable + 2.)

sure - but the mentioned repository above actually supports Debian 9, 10 and 11, and will supports always the current stable releases. And (if I have time :)) it always contains the most fresh versions, while Debian does not allow it too.

[adrelanos]

An RFP (request for packaging) has been posted to Debian by me just now: RFP: libnginx-mod-http-modsecurity - ModSecurity v3 Nginx Connector

I couldn't find the /debian folder for libnginx-mod-http-modsecurity on github. Could you point me please to / add? Then I can append it to the RFP.

Thank you again for all your work, it's much appreciated!

[airween]

I couldn't find the /debian folder for libnginx-mod-http-modsecurity on github. Could you point me please to / add? Then I can append it to the RFP.

You don't need to add it - this module will be part of the /debian directory.

I also commented your RFP under the bug report, and mentioned my first attempt to add this module.

There you can see, how Nginx modules are stored:

The repository itself contains a /debian directory. Under that, there are the added modules, in a separated directory. Finally, there is the ModSecurity module.

[martinhsv]

Since this isn't really a work item for this project, I expect that there's no further advantage in keeping this open.

Closing ...