ModSecurity

Installation

ModSecurity installation consists of the following steps:

  1. ModSecurity 2.x works with Apache 2.0.x or better.

  2. Make sure you have mod_unique_id installed.

  3. Install the latest version of libxml2, if it isn't already installed on the server.

  4. Unpack the ModSecurity archive

  5. Edit Makefile to configure the path to the Apache ServerRoot directory. You can check this by identifying the ServerRoot directive setting in your httpd.conf file. This is the path that was specified with the "--install-path=" configuration flag during compilation (for example, in Fedora Core 4: top_dir = /etc/httpd).

  6. Edit Makefile to configure the correct include path for libxml (for example: INCLUDES=-I/usr/include/libxml2)

  7. Compile with make

  8. Stop Apache

  9. Install with make install

  10. Add one line to your configuration to load libxml2:

    LoadFile /usr/lib/libxml2.so

  11. Add one line to your configuration to load ModSecurity:

    LoadModule security2_module modules/mod_security2.so

  12. Configure ModSecurity

  13. Start Apache

  14. You now have ModSecurity 2.x up and running.

Note

If you have compiled Apache yourself or are compiling for a distribution, please read the following notes.

The ModSecurity Core rules may assume XML support is available (compiled with -DWITH_LIBXML2). You may have to manually remove any XML references in the Core rules if you choose not to include XML support. In future versions of ModSecurity, XML support will be required. For these reasons, please consider XML support required.

You might experience problems compiling ModSecurity against PCRE. This is because Apache bundles PCRE but this library is also typically provided by the operating system. I would expect most (all) vendor-packaged Apache distributions to be configured to use an external PCRE library (so this should not be a problem).

You want to avoid Apache using the bundled PCRE library and ModSecurity linking against the one provided by the operating system. The easiest way to do this is to compile Apache against the PCRE library provided by the operating system (or you can compile it against the latest PCRE version you downloaded from the main PCRE distribution site). You can do this at configure time using the --with-pcre switch. If you are not in a position to recompile Apache then, to compile ModSecurity successfully, you'd still need to have access to the bundled PCRE headers (they are available only in the Apache source code) and change the include path for ModSecurity (as you did in step 7 above) to point to them.

If your Apache is using an external PCRE library, you can compile ModSecurity with WITH_PCRE_STUDY defined, which may give you a slight performance edge in regular expression processing.
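
To see which PCRE build each side uses before loading the module, the following added example (not part of the ModSecurity documentation) classifies `ldd` output for the httpd binary and mod_security2.so. It assumes a bundled PCRE is linked statically into httpd and so does not appear in `ldd`; the sample output, the verdict names and the host paths in the final comment are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the PCRE linkage of httpd and mod_security2.so.
# All sample ldd text below is constructed, not captured from a real host.

# Print the resolved libpcre path found in ldd output on stdin (empty if none).
pcre_path() {
    awk '$1 ~ /^libpcre\.so/ && $2 == "=>" { print $3; exit }'
}

# pcre_verdict <ldd output of httpd> <ldd output of mod_security2.so>
# Verdict names are this example's own:
#   match            both resolve the same shared libpcre
#   mismatch-bundled module uses a shared libpcre, httpd shows none
#                    (assumed: httpd was built with its bundled PCRE)
#   mismatch-paths   both use a shared libpcre, but different files
#   module-unlinked  module has no libpcre dependency of its own
pcre_verdict() {
    httpd_pcre=$(printf '%s\n' "$1" | pcre_path)
    mod_pcre=$(printf '%s\n' "$2" | pcre_path)
    if [ -z "$mod_pcre" ]; then
        echo "module-unlinked"
    elif [ -z "$httpd_pcre" ]; then
        echo "mismatch-bundled"
    elif [ "$httpd_pcre" = "$mod_pcre" ]; then
        echo "match"
    else
        echo "mismatch-paths"
    fi
}

HTTPD_BUNDLED='  libm.so.6 => /lib/libm.so.6 (0x00a10000)
  libc.so.6 => /lib/libc.so.6 (0x008e0000)'
HTTPD_SYSTEM='  libpcre.so.0 => /lib/libpcre.so.0 (0x00b1c000)
  libc.so.6 => /lib/libc.so.6 (0x008e0000)'
HTTPD_OTHER='  libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x00b1c000)'
MODULE='  libxml2.so.2 => /usr/lib/libxml2.so.2 (0x00110000)
  libpcre.so.0 => /lib/libpcre.so.0 (0x00b1c000)'

echo "bundled httpd: $(pcre_verdict "$HTTPD_BUNDLED" "$MODULE")"
echo "system httpd:  $(pcre_verdict "$HTTPD_SYSTEM" "$MODULE")"
echo "other prefix:  $(pcre_verdict "$HTTPD_OTHER" "$MODULE")"

# On a real host (paths are assumptions; adjust to your layout):
#   pcre_verdict "$(ldd /usr/sbin/httpd)" "$(ldd /etc/httpd/modules/mod_security2.so)"
```

A `mismatch-bundled` or `mismatch-paths` verdict corresponds to the situation the note above says to avoid.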