ModSecurity installation consists of the following steps:
ModSecurity 2.x works with Apache 2.0.x or better.
Make sure you have mod_unique_id
installed.
Install the latest version of libxml2, if it isn't already installed on the server.
Unpack the ModSecurity archive
Edit Makefile to configure the path to the Apache ServerRoot
directory. You can check this by identifying the ServerRoot directive
setting in your httpd.conf file. This is the path that was specified
with the "--install-path=" configuration flag during compilation (for
example, in Fedora Core4: top_dir =
/etc/httpd
).
Edit Makefile to configure the correct include path for libxml
(for example: INCLUDES=-I/usr/include/libxml2
)
Compile with make
Stop Apache
Install with make
install
Add one line to your configuration to load libxml2:
LoadFile
/usr/lib/libxml2.so
Add one line to your configuration to load ModSecurity:
LoadModule security2_module
modules/mod_security2.so
Configure ModSecurity
Start Apache
You now have ModSecurity 2.x up and running.
If you have compiled Apache yourself or are compiling for a distribution, please read the following notes.
The ModSecurity Core rules may assume XML support is available (compiled with -DWITH_LIBXML2). You may have to manually remove any XML references in the Core rules if you choose not to include XML support. In future versions of ModSecurity XML support will be required. For these reasons, please consider XML support required.
You might experience problems compiling ModSecurity against PCRE. This is because Apache bundles PCRE but this library is also typically provided by the operating system. I would expect most (all) vendor-packaged Apache distributions to be configured to use an external PCRE library (so this should not be a problem).
You want to avoid Apache using the bundled PCRE library and
ModSecurity linking against the one provided by the operating system.
The easiest way to do this is to compile Apache against the PCRE library
provided by the operating system (or you can compile it against the
latest PCRE version you downloaded from the main PCRE distribution
site). You can do this at configure time using the --with-pcre
switch. If you are not in a
position to recompile Apache then, to compile ModSecurity successfully,
you'd still need to have access to the bundled PCRE headers (they are
available only in the Apache source code) and change the include path
for ModSecurity (as you did in step 7 above) to point to them.
If your Apache is using an external PCRE library you
can compile ModSecurity with WITH_PCRE_STUDY
defined,which would possibly
give you a slight performance edge in regular expression
processing.