This article will guide you to build your own ModSecurity WASM library using Emscripten toolchain.
You can refer to the following steps to install the latest Emscripten
.
# Get the emsdk repo
git clone https://github.com/emscripten-core/emsdk.git
# Enter that directory
cd emsdk
# Fetch the latest version of the emsdk (not needed the first time you clone)
git pull
# Download and install the SDK tools (version used by envoy).
./emsdk install 2.0.7
# Make the "latest" SDK "active" for the current user. (writes .emscripten file)
./emsdk activate 2.0.7
# Activate PATH and other environment variables in the current terminal
source ./emsdk_env.sh
-
Download
wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-12/wasi-sdk-12.0-linux.tar.gz
-
Export it to
/opt/wasi-sdk
-
Configure
export WASI_SDK_PATH="/opt/wasi-sdk"
# Get the pcre library source code
git clone https://github.com/maxfierke/libpcre.git -b mf-wasm32-wasi-cross-compile
cd libpcre
# This should compile successfully and place the compiled .a static library in targets/wasm32-wasi
Run ./build_for_crystal.sh.
# Copy the wams library to target directory
cp targets/wasm32-wasi/*.a /usr/local/pcre
# This is version for WASM ModSecurity
git clone https://github.com/leyao-daily/ModSecurity.git
cd ModSecurity
# Build the configuration script
./build.sh
# Download the submodule
git submodule init
git submodule update
# Configure ModSecurity with core functions
emconfigure ./configure --without-yajl --without-geoip --without-libxml --without-curl --without-lua --disable-shared --disable-examples --disable-libtool-lock --disable-debug-logs --disable-mutex-on-pm --without-lmdb --without-maxmind --without-ssdeep --with-pcre=./pcre-config
# Build the library
emmake make -j <num_cpus>
# Install the library
emmake make install
emcc test.cc -L/usr/local/modsecurity/lib/ -lmodsecurity -L/usr/local/pcre/ -lpcre -o test.wasm -I/usr/local/modsecurity/include/