ModSecurity installation consists of the following steps:
ModSecurity 2.x works with Apache 2.0.x or better.
Make sure you have mod_unique_id
installed.
(Optional) Install the latest version of libxml2, if it isn't already installed on the server.
Unpack the ModSecurity archive
Edit Makefile to configure the path to Apache (for example:
top_dir = /usr/local/apache2
).
(Optional) Edit Makefile to enable ModSecurity to use libxml2
(uncomment line DEFS = -DWITH_LIBXML2
) and
configure the include path (for example:
INCLUDES=-I/usr/include/libxml2
)
Compile with make
Stop Apache
Install with make install
(Optional) Add one line to your configuration to load libxml2:
LoadFile /usr/lib/libxml2.so
Add one line to your configuration to load ModSecurity:
LoadModule security2_module
modules/mod_security2.so
Configure ModSecurity
Start Apache
You now have ModSecurity 2.x up and running.
If you have compiled Apache yourself you might experience problems compiling ModSecurity against PCRE. This is because Apache bundles PCRE but this library is also typically provided by the operating system. I would expect most (all) vendor-packaged Apache distributions to be configured to use an external PCRE library (so this should not be a problem).
You want to avoid Apache using the bundled PCRE library and
ModSecurity linking against the one provided by the operating system.
The easiest way to do this is to compile Apache against the PCRE library
provided by the operating system (or you can compile it against the
latest PCRE version you downloaded from the main PCRE distribution
site). You can do this at configure time using the
--with-pcre
switch. If you are not in a position to
recompile Apache then, to compile ModSecurity successfully, you'd still
need to have access to the bundled PCRE headers (they are available only
in the Apache source code) and change the include path for ModSecurity
(as you did in step 7 above) to point to them.
Do note that if your Apache is using an external PCRE library you
can compile ModSecurity with WITH_PCRE_STUDY
defined,
which would possibly give you a slight performance edge in regular
expression processing.