From 2517ddfc61644ce685906f4c0e853a0ee3a1de6c Mon Sep 17 00:00:00 2001
From: Nagy Karoly Gabriel <nagy.karoly@opensde.org>
Date: Fri, 8 Feb 2013 17:56:37 +0100
Subject: [PATCH] nginx: implemented NAXSI support.

---
 network/nginx/config.in  |  5 ++++-
 network/nginx/nginx.conf | 19 ++++++++++++++++++-
 network/nginx/nginx.desc |  1 +
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/network/nginx/config.in b/network/nginx/config.in
index 0560be9f2..45da016cb 100644
--- a/network/nginx/config.in
+++ b/network/nginx/config.in
@@ -2,7 +2,7 @@
 # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 #
 # Filename: package/.../nginx/config.in
-# Copyright (C) 2011 - 2012 The OpenSDE Project
+# Copyright (C) 2011 - 2013 The OpenSDE Project
 #
 # More information can be found in the files COPYING and README.
 #
@@ -34,6 +34,9 @@ if pkgcheck nginx X; then
 		bool "Lua Module"	SDECFG_PKG_NGINX_ADDON_MOD_LUA 0
 	fi
 
+	# NAXSI a web application firewall
+	bool "NAXSI Web Application Firewall"	SDECFG_PKG_NGINX_ADDON_NAXSI 0
+
 	# syslog support
 	bool "Nginx Syslog Patch"	SDECFG_PKG_NGINX_ADDON_SYSLOG_PATCH 0
 
diff --git a/network/nginx/nginx.conf b/network/nginx/nginx.conf
index 6adc1ef62..2cb88d654 100644
--- a/network/nginx/nginx.conf
+++ b/network/nginx/nginx.conf
@@ -2,7 +2,7 @@
 # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 #
 # Filename: package/.../nginx/nginx.conf
-# Copyright (C) 2009 - 2012 The OpenSDE Project
+# Copyright (C) 2009 - 2013 The OpenSDE Project
 # Copyright (C) 2006 The T2 SDE Project
 #
 # More information can be found in the files COPYING and README.
@@ -116,6 +116,18 @@ pkg_nginx_add_module() {
 	hook_add postpatch 5 "pkg_nginx_patch_module $1"
 }
 
+# NAXSI is a bit different than the other 3rd party modules
+# so it needs its own function
+#
+pkg_nginx_add_naxsi_premake() {
+	mkdir -p $builddir/addon-module/naxsi-core
+        tar -v $taropt $( match_source_file -p naxsi-core nginx ) --strip-components=1 -C $builddir/addon-module/naxsi-core
+        var_append confopt ' ' "--add-module=../addon-module/naxsi-core/naxsi_src"
+}
+pkg_nginx_add_naxsi_postmake() {
+	cp -a $builddir/addon-module/naxsi-core/naxsi_config/naxsi_core.rules $sysconfdir
+}
+
 # rrd graph module
 if [ "$SDECFG_PKG_NGINX_ADDON_MOD_RRDGRAPH" == 1 ] ; then
 	pkgprefix -t rrdtool
@@ -149,6 +161,11 @@ if [ "$SDECFG_PKG_NGINX_ADDON_MOD_LUA" == 1 ] ; then
 	hook_add prepatch 5 "pkg_nginx_add_module lua-nginx-module"
 fi
 
+if [ "$SDECFG_PKG_NGINX_ADDON_NAXSI" == 1 ] ; then
+	hook_add prepatch 5 "pkg_nginx_add_naxsi_premake"
+	hook_add postmake 5 "pkg_nginx_add_naxsi_postmake"
+fi
+
 if [ "$SDECFG_PKG_NGINX_ADDON_SYSLOG_PATCH" == 1 ] ; then
 	hook_add prepatch 5 "pkg_nginx_add_module nginx_syslog_patch"
 	hook_add prepatch 9 "var_append patchfiles ' ' '../addon-module/nginx_syslog_patch/syslog_$( cut -d. -f-2 <<< $ver)*.patch'"
diff --git a/network/nginx/nginx.desc b/network/nginx/nginx.desc
index 581aa5b3c..595873167 100644
--- a/network/nginx/nginx.desc
+++ b/network/nginx/nginx.desc
@@ -55,3 +55,4 @@
 [D] 2657180702 ngx_devel_kit-v0.2.17.tar.gz !https://github.com/simpl/ngx_devel_kit/tarball/v0.2.17
 [D] 1919597670 lua-nginx-module-v0.5.0rc3.tar.gz !https://github.com/chaoslawful/lua-nginx-module/tarball/v0.5.0rc3
 [D] 2285093227 nginx_syslog_patch-1.2.0-1.tar.gz !https://github.com/yaoweibin/nginx_syslog_patch/archive/for-nginx-1.2.0.tar.gz
+[D] 3708469603 naxsi-core-0.48.tgz http://naxsi.googlecode.com/files/