ModSecurity

Installation

ModSecurity installation consists of the following steps:

  1. ModSecurity 2.x works with Apache 2.0.x or better.

  2. Make sure you have mod_unique_id installed.

  3. (Optional) Install the latest version of libxml2, if it isn't already installed on the server.

  4. Unpack the ModSecurity archive

  5. Edit Makefile to configure the path to Apache (for example: top_dir = /usr/local/apache2).

  6. (Optional) Edit Makefile to enable ModSecurity to use libxml2 (uncomment line DEFS = -DWITH_LIBXML2) and configure the include path (for example: INCLUDES=-I/usr/include/libxml2)

  7. Compile with make

  8. Stop Apache

  9. Install with make install

  10. (Optional) Add one line to your configuration to load libxml2: LoadFile /usr/lib/libxml2.so

  11. Add one line to your configuration to load ModSecurity: LoadModule security2_module modules/mod_security2.so

  12. Configure ModSecurity

  13. Start Apache

  14. You now have ModSecurity 2.x up and running.

Note

If you have compiled Apache yourself you might experience problems compiling ModSecurity against PCRE. This is because Apache bundles PCRE but this library is also typically provided by the operating system. I would expect most (all) vendor-packaged Apache distributions to be configured to use an external PCRE library (so this should not be a problem).

You want to avoid Apache using the bundled PCRE library and ModSecurity linking against the one provided by the operating system. The easiest way to do this is to compile Apache against the PCRE library provided by the operating system (or you can compile it against the latest PCRE version you downloaded from the main PCRE distribution site). You can do this at configure time using the --with-pcre switch. If you are not in a position to recompile Apache then, to compile ModSecurity successfully, you'd still need to have access to the bundled PCRE headers (they are available only in the Apache source code) and change the include path for ModSecurity (as you did in step 7 above) to point to them.

Do note that if your Apache is using an external PCRE library you can compile ModSecurity with WITH_PCRE_STUDY defined, which would possibly give you a slight performance edge in regular expression processing.

Copyright (C) 2004-2006 Breach Security