1 <html><head><META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Installation</title><link href="modsecurity-reference.css" rel="stylesheet" type="text/css"><meta content="DocBook XSL Stylesheets V1.69.1" name="generator"><link rel="start" href="index.html" title="ModSecurity® Reference
2 Manual"><link rel="up" href="index.html" title="ModSecurity® Reference
3 Manual"><link rel="prev" href="ar01s02.html" title="ModSecurity Core Rules™"><link rel="next" href="configuration-directives.html" title="Configuration Directives"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div style="background:#F5F5F5;width:100%;border-top:1px solid #DDDDDD;border-bottom:1px solid #DDDDDD"><table width="100%" cellspacing="0" cellpadding="0"><tr><td><a href="http://www.modsecurity.org"><img style="margin:4px" src="modsecurity.gif" width="120" height="36" alt="ModSecurity" border="0"></a></td><td align="right"><a href="http://www.breach.com"><img style="margin:6px" src="breach-logo-small.gif" height="36" width="100" border="0"></a></td></tr></table></div><div id="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">Installation</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="ar01s02.html">Prev</a> </td><td align="center" width="60%"> <a accesskey="h" href="index.html">Home</a></td><td align="right" width="20%"> <a accesskey="n" href="configuration-directives.html">Next</a></td></tr></table><hr size="1"></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="installation"></a>Installation</h2></div></div><div></div></div><p>ModSecurity installation requirements:</p><div class="orderedlist"><ol type="1"><li><p>ModSecurity 2.x works only with Apache 2.0.x or higher. Version
4 2.2.x is highly recommended.</p></li><li><p>Make sure you have <code class="literal">mod_unique_id</code> installed.</p><p>mod_unique_id is packaged with Apache httpd.</p></li><li><p>libapr and libapr-util</p><p><a href="http://apr.apache.org/" target="_top">http://apr.apache.org/</a></p></li><li><p>libpcre</p><p><a href="http://www.pcre.org/" target="_top">http://www.pcre.org/</a></p></li><li><p>libxml2</p><p><a href="http://xmlsoft.org/downloads.html" target="_top">http://xmlsoft.org/downloads.html</a></p></li><li><p>liblua v5.1.x</p><p>This library is optional and only needed if you will be using
5 the new Lua engine.</p><p><a href="http://www.lua.org/download.html" target="_top">http://www.lua.org/download.html</a></p><p>Note that ModSecurity requires the dynamic libraries. These are
6 not built by default in the source distribution, so the binary
7 distribution is recommended.</p></li><li><p>libcurl v7.15.1 or higher</p><p>If you will be using the ModSecurity Log Collector (mlogc) to
8 send audit logs to a central repository, then you will also need the
9 curl library.</p><p><a href="http://curl.haxx.se/libcurl/" target="_top">http://curl.haxx.se/libcurl/</a></p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Many have had issues with libcurl linked with the GnuTLS
10 library for SSL/TLS support. It is recommended that the
11 openssl library be used for SSL/TLS support in libcurl.</p></div></li></ol></div><p>ModSecurity installation consists of the following steps:</p><div class="orderedlist"><ol type="1"><li><p>Stop Apache httpd</p></li><li><p>Unpack the ModSecurity archive</p></li><li><p>Building differs for UNIX (or UNIX-like) operating systems and
12 Windows.</p><div class="itemizedlist"><ul type="disc"><li><p>UNIX</p><div class="orderedlist"><ol type="a"><li><p>Run the configure script to generate a Makefile.
13 Typically no options are needed.</p><p><code class="literal">./configure</code></p><p>Options are available for more customization (use
14 <code class="literal">./configure --help</code> for a full list), but
15 typically you will only need to specify the location of the
16 <code class="literal">apxs</code> command installed by Apache httpd with
17 the <code class="literal">--with-apxs</code> option.</p><p><code class="literal">./configure
18 --with-apxs=/path/to/httpd-2.x.y/bin/apxs</code></p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>There are certain configure options that are meant for
19 debugging an other development use. If enabled, these
20 options can substantially impact performance. These options
21 include all <code class="literal">--debug-*</code> options as well as
22 the <code class="literal">--enable-performance-measurements</code>
23 options.</p></div></li><li><p>Compile with: <code class="literal">make</code></p></li><li><p>Optionally test with: <code class="literal">make
24 test</code></p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This is step is still a bit experimental. If you have
25 problems, please send the full output and error from the
26 build to the support list. Most common issues are related to
27 not finding the required headers and/or libraries.</p></div></li><li><p>Optionally build the ModSecurity Log Collector with:
28 <code class="literal">make mlogc</code></p></li><li><p>Optionally install <code class="literal">mlogc</code>: Review the
29 <code class="literal">INSTALL</code> file included in the
30 apache2/mlogc-src directory in the distribution.</p></li><li><p>Install the ModSecurity module with: <code class="literal">make
31 install</code></p></li></ol></div></li><li><p>Windows (MS VC++ 8)</p><div class="orderedlist"><ol type="a"><li><p>Edit <code class="literal">Makefile.win</code> to configure the
32 Apache base and library paths.</p></li><li><p>Compile with: <code class="literal">nmake -f
33 Makefile.win</code></p></li><li><p>Install the ModSecurity module with: <code class="literal">nmake -f
34 Makefile.win install</code></p></li><li><p>Copy the <code class="literal">libxml2.dll</code> and
35 <code class="literal">lua5.1.dll</code> to the Apache
36 <code class="literal">bin</code> directory. Alternatively you can follow
37 the step below for using LoadFile to load these
38 libraries.</p></li></ol></div></li></ul></div></li><li><p>Edit the main Apache httpd config file (usually
39 <code class="literal">httpd.conf</code>)</p><p>On UNIX (and Windows if you did not copy the DLLs as stated
40 above) you must load libxml2 and lua5.1 before ModSecurity with
41 something like this:</p><p><pre class="programlisting">LoadFile /usr/lib/libxml2.so
42 LoadFile /usr/lib/liblua5.1.so</pre></p><p>Load the ModSecurity module with:<pre class="programlisting">LoadModule security2_module modules/mod_security2.so</pre></p></li><li><p>Configure ModSecurity</p></li><li><p>Start Apache httpd</p></li><li><p>You should now have ModSecurity 2.x up and running.</p></li></ol></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>If you have compiled Apache yourself you might experience problems
43 compiling ModSecurity against PCRE. This is because Apache bundles PCRE
44 but this library is also typically provided by the operating system. I
45 would expect most (all) vendor-packaged Apache distributions to be
46 configured to use an external PCRE library (so this should not be a
47 problem).</p><p>You want to avoid Apache using the bundled PCRE library and
48 ModSecurity linking against the one provided by the operating system.
49 The easiest way to do this is to compile Apache against the PCRE library
50 provided by the operating system (or you can compile it against the
51 latest PCRE version you downloaded from the main PCRE distribution
52 site). You can do this at configure time using the<code class="literal"> --with-pcre</code> switch. If you are not in a
53 position to recompile Apache, then, to compile ModSecurity successfully,
54 you'd still need to have access to the bundled PCRE headers (they are
55 available only in the Apache source code) and change the include path
56 for ModSecurity (as you did in step 7 above) to point to them (via the
57 <code class="literal">--with-pcre</code> ModSecurity configure option).</p><p>Do note that if your Apache is using an external PCRE library you
58 can compile ModSecurity with <code class="literal">WITH_PCRE_STUDY</code> defined,which would possibly
59 give you a slight performance edge in regular expression
60 processing.</p><p>Non-gcc compilers may have problems running out-of-the-box as the
61 current build system was designed around the gcc compiler and some
62 compiler/linker flags may differ. To use a non-gcc compiler you may need
63 some manual Makefile tweaks if issues cannot be solved by exporting
64 custom CFLAGS and CPPFLAGS environment variables.</p><p>If you are upgrading from ModSecurity 1.x, please refer to the
65 migration matrix at <a href="http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf" target="_top">http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf</a></p></div></div><div id="navfooter"><hr size="1"><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="ar01s02.html">Prev</a> </td><td align="center" width="20%"> </td><td align="right" width="40%"> <a accesskey="n" href="configuration-directives.html">Next</a></td></tr><tr><td valign="top" align="left" width="40%"><span class="trademark">ModSecurity Core Rules</span>™ </td><td align="center" width="20%"><a accesskey="h" href="index.html">Home</a></td><td valign="top" align="right" width="40%"> Configuration Directives</td></tr></table></div><div align="center" class="copyright">Copyright (C) 2004-2009 <a href="http://www.breach.com">Breach Security</a></div></body></html>
projects / libapache-mod-security.git / blob