 |  |
| |
ModSecurity installation consists of the following steps:
ModSecurity 2.x works with Apache 2.0.x or better.
Make sure you have mod_unique_id installed.
mod_unique_id is packaged with Apache httpd.
Install the latest version of libxml2, if it isn't already installed on the server.
Optionally install the latest version of Lua in the 5.1.x branch, if it isn't already installed on the server and you will be using the new Lua engine.
http://www.lua.org/download.html
Note that ModSecurity requires the dynamic libraries. These are not built by default in the source distribution, so the binary distribution is recommended.
Stop Apache httpd
Unpack the ModSecurity archive
Building differs for UNIX (or UNIX-like) operating systems and Windows.
UNIX
Run the configure script to generate a Makefile. Typically no options are needed.
./configure
Options are available for more customization (use
./configure --help for a full list), but
typically you will only need to specify the location of the
apxs command installed by Apache httpd with
the --with-apxs option.
./configure
--with-apxs=/path/to/httpd-2.x.y/bin/apxs
Compile with: make
Optionally test with: make
test
NOTE: This is step is still a bit experimental. If you have problems, please send the full output and error from the build to the support list. Most common issues are related to not finding the required headers and/or libraries.
Optionally build the ModSecurity Log Collector with:
make mlogc
Optionally install mlogc: Review the
INSTALL file included in the
apache2/mlogc-src directory in the distribution.
Install the ModSecurity module with: make
install
Windows (MS VC++ 8)
Edit Makefile.win to configure the
Apache base and library paths.
Compile with: nmake -f
Makefile.win
Install the ModSecurity module with: nmake -f
Makefile.win install
Copy the libxml2.dll and
lua5.1.dll to the Apache
bin directory. Alternatively you can follow
the step below for using LoadFile to load these
libraries.
Edit the main Apache httpd config file (usually
httpd.conf)
On UNIX (and Windows if you did not copy the DLLs as stated above) you must load libxml2 and lua5.1 before ModSecurity with something like this:
LoadFile /usr/lib/libxml2.so LoadFile /usr/lib/liblua5.1.so
Load the ModSecurity module with:
LoadModule security2_module modules/mod_security2.so
Configure ModSecurity
Start Apache httpd
You should now have ModSecurity 2.x up and running.
If you have compiled Apache yourself you might experience problems compiling ModSecurity against PCRE. This is because Apache bundles PCRE but this library is also typically provided by the operating system. I would expect most (all) vendor-packaged Apache distributions to be configured to use an external PCRE library (so this should not be a problem).
You want to avoid Apache using the bundled PCRE library and
ModSecurity linking against the one provided by the operating system.
The easiest way to do this is to compile Apache against the PCRE library
provided by the operating system (or you can compile it against the
latest PCRE version you downloaded from the main PCRE distribution
site). You can do this at configure time using the --with-pcre switch. If you are not in a
position to recompile Apache, then, to compile ModSecurity successfully,
you'd still need to have access to the bundled PCRE headers (they are
available only in the Apache source code) and change the include path
for ModSecurity (as you did in step 7 above) to point to them (via the
--with-pcre ModSecurity configure option).
Do note that if your Apache is using an external PCRE library you
can compile ModSecurity with WITH_PCRE_STUDY defined,which would possibly
give you a slight performance edge in regular expression
processing.