6 files changed, 53 insertions, 22 deletions

diff --git a/www/mod_security/Makefile b/www/mod_security/Makefile
index f5d275c3083e..62a19ef78a7a 100644
--- a/www/mod_security/Makefile
+++ b/www/mod_security/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	mod_security
-PORTVERSION=	2.9.0
+PORTVERSION=	2.9.1
 CATEGORIES=	www security
 MASTER_SITES=	http://www.modsecurity.org/tarball/${PORTVERSION}/
 PKGNAMEPREFIX=	${APACHE_PKGNAMEPREFIX}
@@ -34,18 +34,16 @@ DOCSDIR=	${PREFIX}/share/doc/${MODULENAME}
 
 SUB_FILES+=	pkg-message
 SUB_FILES+=	README
-SUB_LIST+=	APACHEETCDIR="${APACHEETCDIR}"
-SUB_LIST+=	APACHEMODDIR="${APACHEMODDIR}"
-
-PLIST_SUB+=	APXS="${APXS}"
-PLIST_SUB+=	APACHEMODDIR="${APACHEMODDIR}"
+SUB_FILES+=	${APMOD_FILE}.sample
+APMOD_FILE=	280_${PORTNAME}.conf
+SUB_LIST+=	APMOD_FILE=${APMOD_FILE}
 
 OPTIONS_DEFINE=	DOCS FUZZYHASH LUA MLOGC
 OPTIONS_SUB=	yes
 
 LUA_CONFIGURE_ON=	--with-lua=${LOCALBASE}
 LUA_CONFIGURE_OFF+=	--without-lua
-LUA_USES=		lua:51
+LUA_USES=		lua:51+
 
 MLOGC_DESC=		Build ModSecurity Log Collector
 MLOGC_CONFIGURE_ON=	--disable-errors
@@ -79,4 +77,7 @@ post-install:
 	(cd ${WRKSRC} && ${COPYTREE_SHARE} doc ${STAGEDIR}${DOCSDIR})
 	${INSTALL_DATA} ${WRKDIR}/README ${STAGEDIR}${DOCSDIR}
 
+	@${MKDIR} ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d
+	${INSTALL_DATA} ${WRKDIR}/${APMOD_FILE}.sample ${STAGEDIR}${PREFIX}/${APACHEETCDIR}/modules.d
+
 .include <bsd.port.mk>
diff --git a/www/mod_security/distinfo b/www/mod_security/distinfo
index f71c858036d4..c3969e5b7986 100644
--- a/www/mod_security/distinfo
+++ b/www/mod_security/distinfo
@@ -1,2 +1,2 @@
-SHA256 (modsecurity-2.9.0.tar.gz) = e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434
-SIZE (modsecurity-2.9.0.tar.gz) = 4246467
+SHA256 (modsecurity-2.9.1.tar.gz) = 958cc5a7a7430f93fac0fd6f8b9aa92fc1801efce0cda797d6029d44080a9b24
+SIZE (modsecurity-2.9.1.tar.gz) = 4261212
diff --git a/www/mod_security/files/280_mod_security.conf.sample.in b/www/mod_security/files/280_mod_security.conf.sample.in
new file mode 100644
index 000000000000..5875de089844
--- /dev/null
+++ b/www/mod_security/files/280_mod_security.conf.sample.in
@@ -0,0 +1,25 @@
+## $FreeBSD$
+## vim: set filetype=apache:
+##
+## module file for mod_security
+##
+## PROVIDE: mod_security2
+## REQUIRE: mod_unique_id
+
+##
+## To enable ModSecurity in Apache, enable the modules
+##  mod_unique_id (in httpd.conf) and
+##  mod_security2 in this config file
+##
+## Additionally, load configuration and rules with an Include line from
+##  %%ETCDIR%%/*.conf
+##
+## Most users will use the signatures from the OWASP Core Rule Set (CRS).
+## For configuration instructions, see %%DOCSDIR%%/README.
+##
+
+## apache modules for mod_security
+#LoadModule unique_id_module %%APACHEMODDIR%%/mod_unique_id.so
+#LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so
+#Include %%ETCDIR%%/*.conf
+
diff --git a/www/mod_security/files/README.in b/www/mod_security/files/README.in
index db818871284d..9c13fcd1248e 100644
--- a/www/mod_security/files/README.in
+++ b/www/mod_security/files/README.in
@@ -1,10 +1,14 @@
 Configuring ModSecurity on FreeBSD
 ----------------------------------
 
-To enable ModSecurity in Apache, add the following to your httpd.conf:
+To enable ModSecurity in Apache, follow the instructions in
 
-  LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so
-  Include etc/modsecurity/*.conf
+ %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
+
+ModSecurity has various configuration options.
+To change them, edit the following file:
+
+ %%ETCDIR%%/modsecurity.conf
 
 Getting the Core Rule Set
 -------------------------
@@ -16,11 +20,13 @@ for all our ModSecurity related stuff, and clone the CRS repository
 under it.
 
   pkg install git
-  cd /usr/local/etc/modsecurity
+  cd %%ETCDIR%%
   git clone https://github.com/SpiderLabs/owasp-modsecurity-crs
   cp owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example \
     crs.conf
 
+The CRS has various config options. To change them, edit crs.conf.
+
 To activate the CRS base rules, add the following to your httpd.conf:
 
   Include etc/modsecurity/owasp-modsecurity-crs/base_rules/*.conf
@@ -78,6 +84,6 @@ exceptions.
 You probably want to keep the CRS updated from time to time. You can
 do this with Git:
 
-  cd /usr/local/etc/modsecurity/owasp-modsecurity-crs
+  cd %%ETCDIR%%/owasp-modsecurity-crs
   git pull
   apachectl restart
diff --git a/www/mod_security/files/pkg-message.in b/www/mod_security/files/pkg-message.in
index b8ef75171f41..2321df487a7b 100644
--- a/www/mod_security/files/pkg-message.in
+++ b/www/mod_security/files/pkg-message.in
@@ -1,9 +1,8 @@
 
 You have installed ModSecurity.
-To enable ModSecurity in Apache, add the following to your httpd.conf:
+To enable ModSecurity in Apache, follow the instructions in 
 
-  LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so
-  Include etc/modsecurity/*.conf
+ %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
 
 Most users will use the signatures from the OWASP Core Rule Set (CRS).
 For configuration instructions, see %%DOCSDIR%%/README.
diff --git a/www/mod_security/pkg-plist b/www/mod_security/pkg-plist
index fb9385642d4f..0bbb04ec1990 100644
--- a/www/mod_security/pkg-plist
+++ b/www/mod_security/pkg-plist
@@ -1,8 +1,8 @@
+%%MLOGC%%bin/mlogc
+%%MLOGC%%bin/mlogc-batch-load.pl
 bin/rules-updater.pl
-lib/mod_security2.so
-%%APACHEMODDIR%%/mod_security2.so
-@comment @exec %%APXS%% -e -n unique_id -a %%APACHEMODDIR%%/mod_unique_id.so
+@sample %%APACHEETCDIR%%/modules.d/280_mod_security.conf.sample
 @sample %%ETCDIR%%/modsecurity.conf.sample
 %%ETCDIR%%/unicode.mapping
-%%MLOGC%%bin/mlogc
-%%MLOGC%%bin/mlogc-batch-load.pl
+lib/%%AP_MODULE%%
+%%APACHEMODDIR%%/%%AP_MODULE%%