From 67a9f67cc43c573eeaf80c167f8e280358d64192 Mon Sep 17 00:00:00 2001
From: heil <heil@terminal-consulting.de>
Date: Mon, 25 Jan 2016 16:57:07 +0100
Subject: [PATCH] nginx: add naxsi module

 - this brings back naxsi support aka WAF for nginx

Signed-off-by: heil <heil@terminal-consulting.de>
---
 net/nginx/Config.in |  5 +++++
 net/nginx/Makefile  | 32 +++++++++++++++++++++++++++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/net/nginx/Config.in b/net/nginx/Config.in
index a4cc4c8c8e..6482d9d284 100644
--- a/net/nginx/Config.in
+++ b/net/nginx/Config.in
@@ -172,4 +172,9 @@ config NGINX_PCRE
 	prompt "Enable PCRE library usage"
 	default y
 
+config NGINX_NAXSI
+	bool
+	prompt "Enable NAXSI module"
+	default y
+
 endmenu
diff --git a/net/nginx/Makefile b/net/nginx/Makefile
index 6486f5ebb9..6bce6a2a1d 100644
--- a/net/nginx/Makefile
+++ b/net/nginx/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nginx
 PKG_VERSION:=1.9.9
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://nginx.org/download/
@@ -83,6 +83,11 @@ define Package/nginx/conffiles
 /etc/nginx/
 endef
 
+ADDITIONAL_MODULES:=
+ifeq ($(CONFIG_NGINX_NAXSI),y)
+  ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src
+endif
+
 ADDITIONAL_MODULES:=
 ifeq ($(CONFIG_IPV6),y)
   ADDITIONAL_MODULES += --with-ipv6
@@ -209,6 +214,31 @@ define Package/nginx/install
 	$(INSTALL_DATA) $(addprefix $(PKG_INSTALL_DIR)/etc/nginx/,$(config_files)) $(1)/etc/nginx/
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/nginx.init $(1)/etc/init.d/nginx
+ifeq ($(CONFIG_NGINX_NAXSI),y)
+	$(INSTALL_DIR) $(1)/etc/nginx
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx
+	chmod 0640 $(1)/etc/nginx/naxsi_core.rules
+endif
+	$(if $(CONFIG_NGINX_NAXSI),$($(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx))
+	$(if $(CONFIG_NGINX_NAXSI),$(chmod 0640 $(1)/etc/nginx/naxsi_core.rules))
+endef
+
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	$(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi))
+endef
+
+define Download/nginx-naxsi
+	VERSION:=6358c3d2e68a0c9e3ad11661c2a1f63fadc9b4f2
+	SUBDIR:=nginx-naxsi
+	FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz
+	URL:=https://github.com/nbs-system/naxsi.git
+	PROTO:=git
+endef
+
+define  Prepare/nginx-naxsi
+	$(eval $(call Download,nginx-naxsi))
+	gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
 endef
 
 $(eval $(call BuildPackage,nginx))
-- 
2.30.2