The Linux Blog

What is mod_security or modsecurity?
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella – shielding applications from attacks. ModSecurity supports Apache web server.

Short explanation of how to embedd:

Installation
ModSecurity installation consists of the following steps:
1. ModSecurity 2.x works with Apache 2.0.x or better.
2. Make sure you have mod_unique_id installed.
mod_unique_id is packaged with Apache httpd.
3. Install the latest version of libxml2, if it isn’t already installed on the server.

http://xmlsoft.org/downloads.html

4. Optionally install the latest version of Lua in the 5.1.x branch, if it isn’t already installed on the
server and you will be using the new Lua engine.

http://www.lua.org/download.html

Note that ModSecurity requires the dynamic libraries. These are not built by default in the
source distribution, so the binary distribution is recommended.
5. Stop Apache httpd
6. Unpack the ModSecurity archive
7. Building differs for UNIX (or UNIX-like) operating systems and Windows.
• UNIX
a. Run the configure script to generate a Makefile. Typically no options are needed.
./configure
Options are available for more customization (use ./configure –help for a full
list), but typically you will only need to specify the location of the apxs command in-
stalled by Apache httpd with the –with-apxs option.
./configure –with-apxs=/path/to/httpd-2.x.y/bin/apxs
b. Compile with: make
c. Optionally test with: make test
NOTE: This is step is still a bit experimental. If you have problems, please send the
full output and error from the build to the support list. Most common issues are related
to not finding the required headers and/or libraries.
d. Optionally build the ModSecurity Log Collector with: make mlogc
e. Optionally install mlogc: Review the INSTALL file included in the
apache2/mlogc-src directory in the distribution.
f. Install the ModSecurity module with: make install
• Windows (MS VC++ )
a. Edit Makefile.win to configure the Apache base and library paths.
b. Compile with: nmake -f Makefile.win
c. Install the ModSecurity module with: nmake -f Makefile.win install
d. Copy the libxml2.dll and lua5.1.dll to the Apache bin directory. Alternat-
ively you can follow the step below for using LoadFile to load these libraries.

8. Edit the main Apache httpd config file (usually httpd.conf)
On UNIX (and Windows if you did not copy the DLLs as stated above) you must load libxml2
and lua5.1 before ModSecurity with something like this:
LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua5.1.so
Load the ModSecurity module with:
LoadModule security2_module modules/mod_security2.so
9. Configure ModSecurity
10. Start Apache httpd
11. You should now have ModSecurity 2.x up and running.
Note
If you have compiled Apache yourself you might experience problems compiling ModSecurity
against PCRE. This is because Apache bundles PCRE but this library is also typically provided
by the operating system. I would expect most (all) vendor-packaged Apache distributions to be
configured to use an external PCRE library (so this should not be a problem).
You want to avoid Apache using the bundled PCRE library and ModSecurity linking against the
one provided by the operating system. The easiest way to do this is to compile Apache against the
PCRE library provided by the operating system (or you can compile it against the latest PCRE
version you downloaded from the main PCRE distribution site). You can do this at configure time
using the –with-pcre switch. If you are not in a position to recompile Apache, then, to com-
pile ModSecurity successfully, you’d still need to have access to the bundled PCRE headers (they
are available only in the Apache source code) and change the include path for ModSecurity (as
you did in step 7 above) to point to them (via the –with-pcre ModSecurity configure op-
ion).
Do note that if your Apache is using an external PCRE library you can compile ModSecurity with
WITH_PCRE_STUDY defined,which would possibly give you a slight performance edge in regu-
ar expression processing.

Latest release here!