v2 NGINX module fails to compile against NGINX 1.23.0

owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

https://www.modsecurity.org

Apache License 2.0

8.21k stars 1.6k forks source link

v2 NGINX module fails to compile against NGINX 1.23.0 #2768

Closed dvershinin closed 2 years ago

dvershinin commented 2 years ago

In NGINX 1.23.0 some changes were made in regards to headers structure. The NGINX module fails to compile with:

ModSecurity-2.9.5/nginx/modsecurity/ngx_http_modsecurity.c: In function 'ngx_http_modsecurity_save_headers_in':
ModSecurity-2.9.5/nginx/modsecurity/ngx_http_modsecurity.c:382:38: error: 'ngx_http_headers_in_t' has no member named 'cookies'
     if (ngx_array_init(&r->headers_in.cookies, r->pool, 2,
                                      ^

martinhsv commented 2 years ago

For use with nginx, you should use ModSecurity v3.

ModSecurity v2 with nginx is not a supported combination.