ModSecurity and NGINX setup

DigiWorks

New member
Hello,

We run NGINX (without Apache) and we want to install ModSecurity. After a while i receive an error: 'apr_xml_parser' has no member named 'xp'

Code:
./build modsecurity
Apache libraries not detected, file /usr/lib/apache/libaprutil-1.so is not found.
Installing Apache libraries, needed for ModSecurity to work with nginx.


til/include -I/usr/local/directadmin/custombuild/httpd-2.4.37/srclib/apr-util/include/private  -I/usr/local/directadmin/custombuild/httpd-2.4.37/srclib/apr/include    -o xml/apr_xml.lo -c xml/apr_xml.c && touch xml/apr_xml.lo
xml/apr_xml.c:35:19: error: expat.h: No such file or directory
xml/apr_xml.c:66: error: expected specifier-qualifier-list before 'XML_Parser'
xml/apr_xml.c: In function 'cleanup_parser':
xml/apr_xml.c:364: error: 'apr_xml_parser' has no member named 'xp'
xml/apr_xml.c:365: error: 'apr_xml_parser' has no member named 'xp'
xml/apr_xml.c: At top level:
xml/apr_xml.c:384: error: expected ';', ',' or ')' before '*' token
xml/apr_xml.c: In function 'apr_xml_parser_create':
xml/apr_xml.c:401: error: 'apr_xml_parser' has no member named 'xp'
xml/apr_xml.c:402: error: 'apr_xml_parser' has no member named 'xp'
xml/apr_xml.c:410: error: 'apr_xml_parser' has no member named 'xp'
xml/apr_xml.c:411: error: 'apr_xml_parser' has no member named 'xp'
xml/apr_xml.c:412: error: 'apr_xml_parser' has no member named 'xp'
xml/apr_xml.c:424: error: 'apr_xml_parser' has no member named 'xp'
xml/apr_xml.c:424: error: 'default_handler' undeclared (first use in this function)
xml/apr_xml.c:424: error: (Each undeclared identifier is reported only once
xml/apr_xml.c:424: error: for each function it appears in.)
xml/apr_xml.c: In function 'do_parse':
xml/apr_xml.c:434: error: 'apr_xml_parser' has no member named 'xp'
xml/apr_xml.c:438: error: 'apr_xml_parser' has no member named 'xp'
xml/apr_xml.c:442: error: 'apr_xml_parser' has no member named 'xp_err'
xml/apr_xml.c:442: error: 'apr_xml_parser' has no member named 'xp'
xml/apr_xml.c: In function 'apr_xml_parser_geterror':
xml/apr_xml.c:500: error: 'apr_xml_parser' has no member named 'xp_err'
xml/apr_xml.c:500: error: 'apr_xml_parser' has no member named 'xp_err'
make[3]: *** [xml/apr_xml.lo] Error 1
make[3]: *** Waiting for unfinished jobs....
make[3]: Leaving directory `/usr/local/directadmin/custombuild/httpd-2.4.37/srclib/apr-util'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/local/directadmin/custombuild/httpd-2.4.37/srclib/apr-util'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/directadmin/custombuild/httpd-2.4.37/srclib'
make: *** [all-recursive] Error 1

*** The make has failed, would you like to try to make again? (y,n):
I checked if expat was installed but is running the latest version (Package expat-2.0.1-13.el6_8.x86_64 already installed and latest version)

Do i missed something?
 

smtalk

Verified User
Staff member
Are you sure you're running latest version of the custombuild script? May you let us know the result of "./build version" ?
 

DigiWorks

New member
Are you sure you're running latest version of the custombuild script? May you let us know the result of "./build version" ?
The output of ./build version is: 2.0.0 (rev: 1972)


If i rerun ./build modsecurity i receive an other error:

Code:
cc1plus: error: unrecognized command line option "-std=c++11"
cc1plus: error: unrecognized command line option "-std=c++11"
make[3]: *** [libmodsecurity_la-anchored_set_variable.lo] Error 1
make[3]: *** [libmodsecurity_la-modsecurity.lo] Error 1
make[3]: Leaving directory `/usr/local/directadmin/custombuild/modsecurity-v3.0.3/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/local/directadmin/custombuild/modsecurity-v3.0.3/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/local/directadmin/custombuild/modsecurity-v3.0.3/src'
make: *** [all-recursive] Error 1

*** The make has failed, would you like to try to make again? (y,n):
 

DigiWorks

New member
I noticed i had a old GCC version 4.4.7 under CentOs 6.10. I tried to compile it with 4.8.2 but i still receive an error:

Code:
/opt/rh/devtoolset-2/root/usr/libexec/gcc/x86_64-redhat-linux/4.8.2/ld: /usr/local/lib/libz.so.1: no version information available (required by /opt/rh/devtoolset-2/root/usr/lib64/libbfd-2.23.52.0.1-10.el6.so)
/usr/local/modsecurity/lib/libmodsecurity.so: undefined reference to `pcre_free_study'
collect2: error: ld returned 1 exit status
make[1]: *** [objs/nginx] Error 1
make[1]: Leaving directory `/usr/local/directadmin/custombuild/nginx-1.15.6'
make: *** [build] Error 2

*** The make has failed, would you like to try to make again? (y,n):
 

mean

Verified User
I noticed i had a old GCC version 4.4.7 under CentOs 6.10. I tried to compile it with 4.8.2 but i still receive an error:

Code:
/opt/rh/devtoolset-2/root/usr/libexec/gcc/x86_64-redhat-linux/4.8.2/ld: /usr/local/lib/libz.so.1: no version information available (required by /opt/rh/devtoolset-2/root/usr/lib64/libbfd-2.23.52.0.1-10.el6.so)
/usr/local/modsecurity/lib/libmodsecurity.so: undefined reference to `pcre_free_study'
collect2: error: ld returned 1 exit status
make[1]: *** [objs/nginx] Error 1
make[1]: Leaving directory `/usr/local/directadmin/custombuild/nginx-1.15.6'
make: *** [build] Error 2

*** The make has failed, would you like to try to make again? (y,n):
Hello i confirm this problem.
how to solve?
 

mean

Verified User
Hello zEitEr

Thank your for your answer. it doesn't work

libtool: compile: g++ -DHAVE_CONFIG_H -I. -std=c++11 -I.. -g -I../others -fPIC -O3 -I../headers -I/usr/local/include -DPCRE_HAVE_JIT -DWITH_MAXMIND -I/usr/local/include -I/usr/local/include/libxml2 -DWITH_LIBXML2 -g -O2 -MT libmodsecurity_la-modsecurity.lo -MD -MP -MF .deps/libmodsecurity_la-modsecurity.Tpo -c modsecurity.cc -fPIC -DPIC -o .libs/libmodsecurity_la-modsecurity.o
cc1plus: error: unrecognized command line option "-std=c++11"
cc1plus: error: unrecognized command line option "-std=c++11"
make[3]: *** [libmodsecurity_la-transaction.lo] Error 1
make[3]: *** [libmodsecurity_la-modsecurity.lo] Error 1
libtool: compile: g++ -DHAVE_CONFIG_H -I. -std=c++11 -I.. -g -I../others -fPIC -O3 -I../headers -I/usr/local/include -DPCRE_HAVE_JIT -DWITH_MAXMIND -I/usr/local/include -I/usr/local/include/libxml2 -DWITH_LIBXML2 -g -O2 -MT libmodsecurity_la-rule.lo -MD -MP -MF .deps/libmodsecurity_la-rule.Tpo -c rule.cc -fPIC -DPIC -o .libs/libmodsecurity_la-rule.o
cc1plus: error: unrecognized command line option "-std=c++11"
make[3]: *** [libmodsecurity_la-rule.lo] Error 1
make[3]: Leaving directory `/usr/local/directadmin/custombuild/modsecurity-v3.0.3/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/local/directadmin/custombuild/modsecurity-v3.0.3/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/local/directadmin/custombuild/modsecurity-v3.0.3/src'
make: *** [all-recursive] Error 1

*** The make has failed, would you like to try to make again? (y,n):
 

zEitEr

Super Moderator
The error cc1plus: error: unrecognized command line option "-std=c++11" happens due to an outdated gcc-c++ .
And it compiles fine on CentOS 6 with

- gcc-4.8.2-8.el6.x86_64
- gcc-c++-4.8.2-8.el6.x86_64
- libgcc-4.8.2-8.el6.x86_64

on my end.
 

mean

Verified User
zEitEr , Thank you very much.


---- work and perfect
cd /etc/yum.repos.d
wget http://linuxsoft.cern.ch/cern/scl/slc6-scl.repo
yum -y --nogpgcheck install devtoolset-3-gcc devtoolset-3-gcc-c++
scl enable devtoolset-3 bash
ref: https://github.com/ospray/ospray/wiki/Installing-(CPP11-enabled)-GCC4.9.1-on-CentOS-6.5



---- old method

wget http://people.centos.org/tru/devtools-2/devtools-2.repo -O /etc/yum.repos.d/devtools-2.repo
yum -y install devtoolset-2-gcc devtoolset-2-binutils
yum -y install devtoolset-2-gcc-c++ devtoolset-2-gcc-gfortran

export CC=/opt/rh/devtoolset-2/root/usr/bin/gcc
export CPP=/opt/rh/devtoolset-2/root/usr/bin/cpp
export CXX=/opt/rh/devtoolset-2/root/usr/bin/c++
 
Last edited:
Top