nginx: add naxsi module

- this brings back naxsi support aka WAF for nginx

Signed-off-by: heil <heil@terminal-consulting.de>

net/nginx/Config.in

@@ -172,4 +172,9 @@ config NGINX_PCRE
 	prompt "Enable PCRE library usage"
 	default y
 
+config NGINX_NAXSI
+	bool
+	prompt "Enable NAXSI module"
+	default y
+
 endmenu

net/nginx/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nginx
 PKG_VERSION:=1.9.9
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://nginx.org/download/
@@ -83,6 +83,11 @@ define Package/nginx/conffiles
 /etc/nginx/
 endef
 
+ADDITIONAL_MODULES:=
+ifeq ($(CONFIG_NGINX_NAXSI),y)
+  ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src
+endif
+
 ADDITIONAL_MODULES:=
 ifeq ($(CONFIG_IPV6),y)
   ADDITIONAL_MODULES += --with-ipv6
@@ -209,6 +214,31 @@ define Package/nginx/install
 	$(INSTALL_DATA) $(addprefix $(PKG_INSTALL_DIR)/etc/nginx/,$(config_files)) $(1)/etc/nginx/
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/nginx.init $(1)/etc/init.d/nginx
+ifeq ($(CONFIG_NGINX_NAXSI),y)
+	$(INSTALL_DIR) $(1)/etc/nginx
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx
+	chmod 0640 $(1)/etc/nginx/naxsi_core.rules
+endif
+	$(if $(CONFIG_NGINX_NAXSI),$($(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx))
+	$(if $(CONFIG_NGINX_NAXSI),$(chmod 0640 $(1)/etc/nginx/naxsi_core.rules))
+endef
+
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	$(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi))
+endef
+
+define Download/nginx-naxsi
+	VERSION:=6358c3d2e68a0c9e3ad11661c2a1f63fadc9b4f2
+	SUBDIR:=nginx-naxsi
+	FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz
+	URL:=https://github.com/nbs-system/naxsi.git
+	PROTO:=git
+endef
+
+define  Prepare/nginx-naxsi
+	$(eval $(call Download,nginx-naxsi))
+	gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
 endef
 
 $(eval $(call BuildPackage,nginx))