diff --git a/www-apache/mod_security/Manifest b/www-apache/mod_security/Manifest
new file mode 100644
index 0000000..0d2a606
--- /dev/null
+++ b/www-apache/mod_security/Manifest
@@ -0,0 +1,2 @@
+DIST modsecurity-2.9.6.tar.gz 4316582 BLAKE2B f344f8630218c401a3b0eb0de9f5f23d9d1f9f65bf5c4cff2d8d0ea3ebd27cf0202ce2199b1c6d923237ee49a3b151cce46a8de3563fa743cf119c8c25270af3 SHA512 54b3316950094b3951fcfdd82bbacd34dfa8f5500b9a772d3296f411711bad0dcad51068b25cb2c196fdc4b2e1095d54701370d25180c0c68cf0913bd7d4ea03
+DIST modsecurity-2.9.7.tar.gz 4320766 BLAKE2B 2e0c62ae4f6fcef0b41bf1f74ab5acbae485e728f35bf621a96e622d86e2256c7e052d3a452ff49a4c4cb824243e71a706f9a5868bb3f77e37191a1dfe1b371b SHA512 a333d142f0dedf332a3cccca8267ccf9193cd4ad5a026b3cdbe0713dd1f3edde33739eae8baced2c63409cc0b220001e0a226ea032874a97c08e4065eb1fbdd5
diff --git a/www-apache/mod_security/files/79_mod_security.conf b/www-apache/mod_security/files/79_mod_security.conf
new file mode 100644
index 0000000..8c7e128
--- /dev/null
+++ b/www-apache/mod_security/files/79_mod_security.conf
@@ -0,0 +1,19 @@
+<IfDefine SECURITY>
+  LoadModule security2_module modules/mod_security2.so
+
+  # These paths are Gentoo-specific, created by the ebuild.
+  SecDataDir /var/lib/modsecurity/data
+  SecTmpDir /var/lib/modsecurity/tmp
+  SecUploadDir /var/lib/modsecurity/upload
+
+  # A copy of upstream's modsecurity.conf-recommended is installed
+  # along with the documentation for mod_security. It contains many
+  # recommended settings that you should evaluate for your system.
+  # The full documentation for the available settings can be found
+  # in the mod_security reference manual, at
+  #
+  #   https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
+  #
+  # and in particular in the "Configuration Directives" setting.
+  #
+</IfDefine>
diff --git a/www-apache/mod_security/files/mod_security-2.9.3-autoconf_lua_package_name.patch b/www-apache/mod_security/files/mod_security-2.9.3-autoconf_lua_package_name.patch
new file mode 100644
index 0000000..733524e
--- /dev/null
+++ b/www-apache/mod_security/files/mod_security-2.9.3-autoconf_lua_package_name.patch
@@ -0,0 +1,11 @@
+--- a/build/find_lua.m4
++++ b/build/find_lua.m4
+@@ -16,7 +16,7 @@
+ LUA_LDADD=""
+ LUA_LDFLAGS=""
+ LUA_CONFIG=${PKG_CONFIG}
+-LUA_PKGNAMES="lua5.1 lua-5.1 lua_5.1 lua-51 lua_51 lua51 lua5 lua lua5.2 lua-5.2 lua_5.2 lua-52 lua_52 lua52 lua5.3 lua-5.3 lua_5.3 lua-53 lua_53 lua53 "
++LUA_PKGNAMES="lua "
+ LUA_SONAMES="so la sl dll dylib a"
+ 
+ AC_ARG_WITH(
diff --git a/www-apache/mod_security/files/modsecurity-2.7.conf b/www-apache/mod_security/files/modsecurity-2.7.conf
new file mode 100644
index 0000000..43508bc
--- /dev/null
+++ b/www-apache/mod_security/files/modsecurity-2.7.conf
@@ -0,0 +1,15 @@
+<IfDefine SECURITY>
+LoadModule security2_module modules/mod_security2.so
+
+# Enable looking up geolocation data from MaxMind's GeoIP database
+SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
+
+SecDataDir /var/cache/modsecurity
+
+# Define here your http:BL API key if any
+# see http://www.projecthoneypot.org/httpbl_api.php
+#SecHttpBlKey xxxxxxxx
+</IfDefine>
+
+# -*- apache -*-
+# vim: ts=4 filetype=apache
diff --git a/www-apache/mod_security/mod_security-2.9.7.ebuild b/www-apache/mod_security/mod_security-2.9.7.ebuild
new file mode 100644
index 0000000..50dcea0
--- /dev/null
+++ b/www-apache/mod_security/mod_security-2.9.7.ebuild
@@ -0,0 +1,131 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+LUA_COMPAT=( lua5-{1..3} )
+
+inherit autotools apache-module lua-single
+
+MY_PN=modsecurity
+MY_P=${MY_PN}-${PV}
+
+DESCRIPTION="Application firewall and intrusion detection for Apache"
+HOMEPAGE="https://github.com/SpiderLabs/ModSecurity"
+SRC_URI="https://github.com/SpiderLabs/ModSecurity/releases/download/v${PV}/${MY_P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86 ~arm ~arm64"
+IUSE="doc fuzzyhash geoip jit json lua mlogc pcre2"
+
+REQUIRED_USE="lua? ( ${LUA_REQUIRED_USE} )"
+
+DEPEND="dev-libs/apr:1=
+	dev-libs/apr-util:1[openssl]
+	dev-libs/expat
+	dev-libs/libxml2
+	dev-libs/libpcre[jit?]
+	net-misc/curl
+	sys-apps/util-linux
+	sys-libs/gdbm:=
+	virtual/libcrypt:=
+	fuzzyhash? ( app-crypt/ssdeep )
+	json? ( dev-libs/yajl )
+	lua? ( ${LUA_DEPS} )
+	mlogc? ( net-misc/curl )
+	pcre2? ( dev-libs/libpcre2:= )
+	www-servers/apache[apache2_modules_unique_id]"
+BDEPEND="doc? ( app-doc/doxygen )"
+RDEPEND="${DEPEND}
+	geoip? ( dev-libs/geoip )
+	mlogc? ( dev-lang/perl )"
+PDEPEND=">=www-apache/modsecurity-crs-3.3.2"
+
+S="${WORKDIR}/${MY_P}"
+
+APACHE2_MOD_FILE="apache2/.libs/${PN}2.so"
+APACHE2_MOD_CONF="79_${PN}"
+APACHE2_MOD_DEFINE="SECURITY"
+
+# Tests require symbols only defined within the Apache binary.
+RESTRICT=test
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.9.3-autoconf_lua_package_name.patch
+)
+
+need_apache2
+
+pkg_setup() {
+	_init_apache2
+	_init_apache2_late
+	use lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	local myconf=(
+		--disable-static
+		--enable-request-early
+		--with-apxs="${APXS}"
+		--with-pic
+		$(use_enable doc docs)
+		$(use_enable jit pcre-jit)
+		$(use_enable lua lua-cache)
+		$(use_enable mlogc)
+		$(use_with fuzzyhash ssdeep)
+		$(use_with json yajl)
+		$(use_with lua)
+		$(use_with pcre2)
+	)
+
+	econf ${myconf[@]}
+}
+
+src_compile() {
+	default
+}
+
+src_install() {
+	apache-module_src_install
+
+	dodoc CHANGES README.md modsecurity.conf-recommended unicode.mapping
+
+	if use doc; then
+		dodoc -r doc/apache/html
+	fi
+
+	if use mlogc; then
+		insinto /etc/
+		newins mlogc/mlogc-default.conf mlogc.conf
+		dobin mlogc/mlogc
+		dobin mlogc/mlogc-batch-load.pl
+		newdoc mlogc/INSTALL INSTALL-mlogc
+	fi
+
+	# Use /var/lib instead of /var/cache. This stuff is "persistent,"
+	# and isn't a cached copy of something that we can recreate.
+	# Bug 605496.
+	keepdir /var/lib/modsecurity
+	fowners apache:apache /var/lib/modsecurity
+	fperms 0750 /var/lib/modsecurity
+	for dir in data tmp upload; do
+		keepdir "/var/lib/modsecurity/${dir}"
+		fowners apache:apache "/var/lib/modsecurity/${dir}"
+		fperms 0750 "/var/lib/modsecurity/${dir}"
+	done
+}
+
+pkg_postinst() {
+	elog "The base configuration file has been renamed ${APACHE2_MOD_CONF}"
+	elog "so that you can put your own configuration in (for example)"
+	elog "90_modsecurity_local.conf."
+	elog ""
+	elog "That would be the correct place for site-global security rules."
+	elog "Note: 80_modsecurity_crs.conf is used by www-apache/modsecurity-crs"
+}