From 55a425705956c4c41b6ecb2036412baf8e32e6e8 Mon Sep 17 00:00:00 2001 From: Eduardo Arias Date: Fri, 17 May 2024 19:45:56 -0300 Subject: [PATCH] Updated information about dependencies and Windows support. - Leverage relative paths in links --- README.md | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index d41e19d22..fb673b87f 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ capability to load/interpret rules written in the ModSecurity SecRules format and apply them to HTTP content provided by your application via Connectors. If you are looking for ModSecurity for Apache (aka ModSecurity v2.x), it is still under maintenance and available: -[here](https://github.com/owasp-modsecurity/ModSecurity/tree/v2/master). +[here](../../tree/v2/master). ### What is the difference between this project and the old ModSecurity (v2.x.x)? @@ -37,7 +37,7 @@ As a result of this goal we have rearchitected Libmodsecurity such that it is no ### It is no longer just a module. -The 'ModSecurity' branch no longer contains the traditional module logic (for Nginx, Apache, and IIS) that has traditionally been packaged all together. Instead, this branch only contains the library portion (libmodsecurity) for this project. This library is consumed by what we have termed 'Connectors' these connectors will interface with your webserver and provide the library with a common format that it understands. Each of these connectors is maintained as a separate GitHub project. For instance, the Nginx connector is supplied by the ModSecurity-nginx project (https://github.com/owasp-modsecurity/ModSecurity-nginx). +The 'ModSecurity' branch no longer contains the traditional module logic (for Nginx, Apache, and IIS) that has traditionally been packaged all together. Instead, this branch only contains the library portion (libmodsecurity) for this project. This library is consumed by what we have termed 'Connectors' these connectors will interface with your webserver and provide the library with a common format that it understands. Each of these connectors is maintained as a separate GitHub project. For instance, the Nginx connector is supplied by the ModSecurity-nginx project (../../../ModSecurity-nginx). Keeping these connectors separated allows each project to have different release cycles, issues and development trees. Additionally, it means that when you install ModSecurity v3 you only get exactly what you need, no extras you won't be using. @@ -53,8 +53,6 @@ regression tests. These test utilities are located under the subfolder ‘tests As a dynamic library, don’t forget that libmodsecurity must be installed to a location (folder) where you OS will be looking for dynamic libraries. - - ### Unix (Linux, MacOS, FreeBSD, …) On unix the project uses autotools to help the compilation process. @@ -67,24 +65,24 @@ $ sudo make install ``` Details on distribution specific builds can be found in our Wiki: -[Compilation Recipes](https://github.com/owasp-modsecurity/ModSecurity/wiki/Compilation-recipes) +[Compilation Recipes](../../wiki/Compilation-recipes) ### Windows -Windows build is not ready yet. - +Windows build information can be found [here](build/win32/README.md). ## Dependencies This library is written in C++ using the C++17 standards. It also uses Flex -and Yacc to produce the “Sec Rules Language” parser. Other, mandatory dependencies include YAJL, as ModSecurity uses JSON for producing logs and its testing framework, libpcre (not yet mandatory) for processing regular expressions in SecRules, and libXML2 (not yet mandatory) which is used for parsing XML requests. +and Yacc to produce the “Sec Rules Language” parser. Other dependencies include YAJL, as ModSecurity uses JSON for producing logs and its testing framework, libpcre for processing regular expressions in SecRules, and libXML2 (not yet mandatory) which is used for parsing XML requests. -All others dependencies are related to operators specified within SecRules or configuration directives and may not be required for compilation. A short list of such dependencies is as follows: +All others dependencies are related to operators specified within SecRules or configuration directives and may not be required for compilation. If those libraries are missing ModSecurity will be compiled without the support for the associated operator or configuration directive. -* libinjection is needed for the operator @detectXSS and @detectSQL -* curl is needed for the directive SecRemoteRules. +A short list of such dependencies is as follows: -If those libraries are missing ModSecurity will be compiled without the support for the operator @detectXSS and the configuration directive SecRemoteRules. +* libinjection is needed for the operator [@detectXSS](../../wiki/Reference-Manual-%28v3.x%29#detectxss) and [@detectSQL](../../wiki/Reference-Manual-%28v3.x%29#detectsqli). +* curl is needed for the directive [SecRemoteRules](../../wiki/Reference-Manual-%28v3.x%29#user-content-SecRemoteRules). +* LUA is needed for the directive [SecRuleScript](../../wiki/Reference-Manual-%28v3.x%29#secrulescript). # Library documentation @@ -274,4 +272,4 @@ if there is anything we can do to facilitate your work as a packager. ## Sponsor Note -Development of ModSecurity is sponsored by Trustwave. Sponsorship will end July 1, 2024. Additional information can be found here https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/ +Development of ModSecurity is sponsored by Trustwave. Sponsorship will end July 1, 2024. Additional information can be found [here](https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/).