Skip to content

Cannot find modsecurity in /usr/local/modsecurity/include and /usr/local/modsecurity/lib/ #329

@bijancot

Description

@bijancot

Hi guys, so i try to build nginx with mod security with command look like this :

export TENGINE_VERSION=3.1.0
export YAJL_VERSION=2.1.0
export MODSEC_VERSION=v3.0.12
export MODSEC_NGX_VERSION=v1.0.3
export TEMP_DIR=/mnt/data/ehe/wrapper-tengine/install
export MODSECURITY_INC="/usr/local/modsecurity/include/"
export MODSECURITY_LIB="/usr/local/modsecurity/lib/"

mkdir -p ${TEMP_DIR} \
&& curl -fsSL https://github.com/openresty/luajit2/archive/${LUAJIT_VERSION}.tar.gz -o luajit.tar.gz \
&& tar zxf luajit.tar.gz -C ${TEMP_DIR} \
&& cd ${TEMP_DIR}/luajit2-${LUAJIT_VERSION#v} \
&& make -j4 && make install -j4 \
&& export LUAJIT_INC=/usr/local/include/luajit-2.1 \
&& export LUAJIT_LIB=/usr/local/lib \
&& ln -sf luajit /usr/local/bin/luajit \
&& cd .. \
&& curl -fsSL https://github.com/lloyd/yajl/archive/refs/tags/${YAJL_VERSION}.tar.gz -o yajl.tar.gz \
&& tar zxf yajl.tar.gz -C ${TEMP_DIR} \
&& cd ${TEMP_DIR}/yajl-${YAJL_VERSION} \
&& ./configure && make && make -j4 install -j4 \
&& ldconfig /usr/local/lib \

# rm -Rf ${TEMP_DIR}/modsecurity-${MODSEC_VERSION} \
git clone --depth 1 -b v3/master --single-branch https://github.com/owasp-modsecurity/ModSecurity ${TEMP_DIR}/modsecurity-${MODSEC_VERSION} \
&& cd ${TEMP_DIR}/modsecurity-${MODSEC_VERSION} \
&& git submodule init \
&& git submodule update \
&& ./build.sh \
&& ./configure \
&& make -j4 \
&& make install -j4

cd ${TEMP_DIR}/tengine-${TENGINE_VERSION} \
&& MODSECURITY_INC="/usr/local/modsecurity/include/" MODSECURITY_LIB="/usr/local/modsecurity/lib/" ./configure --with-ld-opt="-lpcre" --prefix=/etc/nginx --sbin-path=/usr/sbin  \
        --error-log-path=/var/log/nginx/error.log \
        --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx.pid \
	--add-dynamic-module=${TEMP_DIR}/modsecurity-nginx-${MODSEC_NGX_VERSION} \
	--with-compat \
&& make -j4 && make install -j4

but it always give me this error

checking for ModSecurity library in "/usr/local/modsecurity/lib/" and "/usr/local/modsecurity/include/" (specified by the MODSECURITY_LIB and MODSECURITY_INC env) ... not found
        ./configure: error: ngx_http_modsecurity_module requires the ModSecurity library and MODSECURITY_LIB is defined as "/usr/local/modsecurity/lib/" and MODSECURITY_INC (path for modsecurity.h) "/usr/local/modsecurity/include/", but we cannot find ModSecurity there.

i already follow the steps in repository and even execute steps that suggested like :

libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/lib/snapd/snap/bin:/sbin" ldconfig -n /usr/local/modsecurity/lib
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/modsecurity/lib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the 'LD_RUN_PATH' environment variable
     during linking
   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages

and this is the directory of modsecurity looks like :

/usr/local/modsecurity
├── bin
│   └── modsec-rules-check
├── include
│   └── modsecurity
│       ├── actions
│       │   └── action.h
│       ├── anchored_set_variable.h
│       ├── anchored_set_variable_translation_proxy.h
│       ├── anchored_variable.h
│       ├── audit_log.h
│       ├── collection
│       │   ├── collection.h
│       │   └── collections.h
│       ├── debug_log.h
│       ├── intervention.h
│       ├── modsecurity.h
│       ├── reading_logs_via_rule_message.h
│       ├── rule.h
│       ├── rule_marker.h
│       ├── rule_message.h
│       ├── rules_exceptions.h
│       ├── rules.h
│       ├── rules_set.h
│       ├── rules_set_phases.h
│       ├── rules_set_properties.h
│       ├── rule_unconditional.h
│       ├── rule_with_actions.h
│       ├── rule_with_operator.h
│       ├── transaction.h
│       ├── variable_origin.h
│       └── variable_value.h
└── lib
    ├── libmodsecurity.a
    ├── libmodsecurity.la
    ├── libmodsecurity.so -> libmodsecurity.so.3.0.12
    ├── libmodsecurity.so.3 -> libmodsecurity.so.3.0.12
    ├── libmodsecurity.so.3.0.12
    └── pkgconfig
        └── modsecurity.pc

any other suggestion regarding this issues?

Activity

bijancot

bijancot commented on Aug 22, 2024

@bijancot
Author

Found something regarding this issue. It's look like issue only appear when i using build from source modsecurity. all working well if i using package from repo.

Any other suggestion to solve this issue in case install and download from repos cannot be done some times?

Best Regards,
bijancot

airween

airween commented on Oct 17, 2024

@airween
Member

Hi @bijancot,

you should try to pass CFLAGS when you build Tengine and ModSecurity connector:

export CFLAGS="-I/usr/local/modsecurity/headers -L/usr/local/modsecurity/lib"
bijancot

bijancot commented on Oct 17, 2024

@bijancot
Author

Thank's for the suggestion. Would try it soon

evgeny-bushuev-incountry

evgeny-bushuev-incountry commented on Dec 23, 2024

@evgeny-bushuev-incountry

Have the same issue on alpine-3.21 when configure nginx from source:

./configure --with-compat --add-dynamic-module=/opt/ModSecurity-nginx
#33 1.229 checking for OS
#33 1.241  + Linux 5.15.0-1068-gcp x86_64
#33 1.241 checking for C compiler ... found
#33 1.289  + using GNU C compiler
#33 1.291  + gcc version: 14.2.0 (Alpine 14.2.0) 
...
#33 5.232 adding module in /opt/ModSecurity-nginx
#33 5.232 checking for ModSecurity library ... not found
#33 5.252 checking for ModSecurity library in /usr/local/modsecurity ... not found
#33 5.275  ./configure: error: ngx_http_modsecurity_module requires the ModSecurity library.

when I configure nginx on alpine-3.20 it ends up successfully:

./configure --with-compat --add-dynamic-module=/opt/ModSecurity-nginx
#28 1.250 checking for OS
#28 1.257  + Linux 5.15.0-1068-gcp x86_64
#28 1.257 checking for C compiler ... found
#28 1.294  + using GNU C compiler
#28 1.296  + gcc version: 13.2.1 20240309 (Alpine 13.2.1_git20240309) 
...
#28 4.287 adding module in /opt/ModSecurity-nginx
#28 4.287 checking for ModSecurity library ... not found
#28 4.302 checking for ModSecurity library in /usr/local/modsecurity ... found
#28 4.335  + ngx_http_modsecurity_module was configured
logopk

logopk commented on May 31, 2025

@logopk

I can add a me too on debian bookworm in a docker-compose build. I have tried all the above suggestions with

ENV MODSECURITY_INC /usr/local/modsecurity/include/
ENV MODSECURITY_LIB /usr/local/modsecurity/lib/
ENV CFLAGS -I/usr/local/modsecurity/headers -L/usr/local/modsecurity/lib

I am trying too build nginx with opnessl 3.5 to get PQC ciphers...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @airween@logopk@bijancot@evgeny-bushuev-incountry

        Issue actions

          Cannot find modsecurity in /usr/local/modsecurity/include and /usr/local/modsecurity/lib/ · Issue #329 · owasp-modsecurity/ModSecurity-nginx