Dan,
What version of Apache are you using?
If you are using Apache 2.0 or higher, you don’t need to compile off of
an external PCRE source at it is using the new version. Per the Apache
site – http://httpd.apache.org/docs/2.0/new_features_2_0.html
Regular _expression_ Library Updated
Apache 2.0 includes the Perl
Compatible Regular _expression_ Library (PCRE). All regular _expression_
evaluation now uses the more powerful Perl 5 syntax.
It was previous versions of Apache that
used the poor Apache/RegEx libraries. If you still want to compile off of
an external source, you use the “--with-pcre=” configure flag option
when compiling Apache –
# ./configure --help | grep -i pcre
--with-pcre=PATH Use external PCRE
library
For ModSecurity 2.0, it will use the RegEx
libraries that Apache is using so it will use the PCRE libraries that come with
it. If you want to compile ModSecurity 2.0 with an external PCRE package,
edit the Makefile and define WITH_PCRE_STUDY.
--
Ryan C. Barnett
Breach Security: Director of Application Security
Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
From: mod-security-users-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:mod-security-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Dan Rossi
Sent: Sunday, November 26, 2006
9:31 PM
To:
mod-security-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [mod-security-users]
external PCRE configure option for apache2 andmod sec 2?
Hi it seems after turning on mod sec the load on our
high traffic apache server went up quite alot
CPU states: 49.6% user, 8.2% nice, 15.9% system, 0.5%
interrupt, 25.8% idle
Mem: 588M Active, 106M Inact, 304M Wired, 31M Cache, 112M Buf, 1979M Free
Swap: 4096M Total, 93M Used, 4002M Free, 2% Inuse
from about 2%
The installation instructions are quite confusing on how to get mod sec two
compiled into apache with performance boosts. I have research everwhere and i
cannot find an option --with-pcre for apache 2.
And i looked into the apache bsd ports package and also the debian apache
package and there is no such configure rule for an external pcre.
Could it be the rules ?
It seems to also log 404 errors for images loaded within a dynamic script, i
just want to audit dynamic scripting only !
Please let me know thanks.
