Install the latest version of Lua in the 5.1.x branch, if it
isn't already installed on the server. http://www.lua.org/download.html
Stop Apache httpd
Unpack the ModSecurity™
archive
Building differs for UNIX (or UNIX-like) operating systems and
Windows.
UNIX
Run the configure script to generate a Makefile.
Typically no options are needed.
./configure
Options are available for more customization (use
./configure --help for a full list), but
typically you will only need to specify the location of the
apxs command installed by Apache httpd with
the --with-apxs option.
./configure
--with-apxs=/path/to/httpd-2.x.y/bin/apxs
Compile with: make
Optionally test with: make
test
Optionally build the ModSecurity™ Log Collector with:
make mlogc
Optionally install mlogc: Review the
INSTALL file included in the
apache2/mlogc-src directory in the distribution.
Install the ModSecurity™ module with:
make install
Windows (MS VC++ 8)
Edit Makefile.win to configure the
Apache base and library paths.
Compile with: nmake -f
Makefile.win
Install the ModSecurity™ module with:
nmake -f Makefile.win install
Copy the libxml2.dll and
lua5.1.dll to the Apache
bin directory. Alternatively you can follow
the step below for using LoadFile to load these
libraries.
Edit the main Apache httpd config file (usually
httpd.conf)
On UNIX (and Windows if you did not copy the DLLs as stated
above) you must load libxml2 and lua5.1 before ModSecurity™ with something like this:
LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua5.1.so
Load the ModSecurity™ module
with:
LoadModule security2_module modules/mod_security2.so
Configure ModSecurity™
Start Apache httpd
You should now have ModSecurity™ 2.x up and running.
Note
If you have compiled Apache yourself you might experience problems
compiling ModSecurity™ against PCRE.
This is because Apache bundles PCRE but this library is also typically
provided by the operating system. I would expect most (all)
vendor-packaged Apache distributions to be configured to use an external
PCRE library (so this should not be a problem).
You want to avoid Apache using the bundled PCRE library and
ModSecurity™ linking against the one
provided by the operating system. The easiest way to do this is to
compile Apache against the PCRE library provided by the operating system
(or you can compile it against the latest PCRE version you downloaded
from the main PCRE distribution site). You can do this at configure time
using the --with-pcre switch. If you
are not in a position to recompile Apache, then, to compile ModSecurity™ successfully, you'd still need to
have access to the bundled PCRE headers (they are available only in the
Apache source code) and change the include path for ModSecurity™ (as you did in step 7 above) to
point to them (via the --with-pcre ModSecurity™ configure option).
Do note that if your Apache is using an external PCRE library you
can compile ModSecurity™ with
WITH_PCRE_STUDY defined,which would
possibly give you a slight performance edge in regular expression
processing.