Compiling mod_security with PCRE (significant performance increase)

F

freshmint

Verified User
Joined
Oct 10, 2005
Messages
113
From the ModSecurity manual:

By default ModSecurity relies on the regular expression library built into Apache for pattern matching.
This works well with Apache 2.x but not so much with Apache 1.x. The Apache 1.x regular expression
engine is several times slower. Since 1.9.2 it is possible to compile ModSecurity for Apache 1.x against
an external regular expression library (PCRE, http://www.pcre.org, the same library used in Apache 2.x)
and achieve significant performance increase. This is achieved with the USE_PCRE compile-time flag.

If you have PCRE already installed on your system it may be sufficient to compile ModSecurity like this:

Code: 
# <apache1-home>/bin/apxs -DUSE_PCRE -cia mod_security.c
Click to expand...

Ok, so I tried and got this error:

Code: 
[root@servidor1 customapache]# apxs -DUSE_PCRE -cia mod_security.c
gcc -DLINUX=22 -DHAVE_SET_DUMPABLE -I/usr/include/gdbm -DMOD_SSL=208128 -DUSE_HSREGEX -DEAPI -fpic -DSHARED_MODULE -I/usr/include/apache -DUS
E_PCRE  -c mod_security.c
mod_security.c:37:18: pcre.h: No such file or directory
mod_security.c: In function `my_pregcomp':
mod_security.c:929: error: `PCRE_CASELESS' undeclared (first use in this function)
mod_security.c:929: error: (Each undeclared identifier is reported only once
mod_security.c:929: error: for each function it appears in.)
mod_security.c:929: warning: assignment makes pointer from integer without a cast
mod_security.c: In function `my_regexec':
mod_security.c:940: error: `PCRE_ERROR_NOMATCH' undeclared (first use in this function)
apxs:Break: Command failed with rc=1

I double checked if I have PCRE installed:

Code: 
[root@servidor1 customapache]# yum search pcre
pcre.i386                                4.5-3.2.RHEL4          installed
Matched from:
pcre
Perl-compatible regular expression library.
PCRE has its own native API, but a set of "wrapper" functions that are based on
the POSIX API are also supplied in the library libpcreposix. Note that this
just provides a POSIX calling interface to PCRE: the regular expressions
themselves still follow Perl syntax and semantics. The header file
for the POSIX-style functions is called pcreposix.h.
http://www.pcre.org/

And I even located the /lib/libpcre.so.0.0.1 and copied it to /usr/lib/apache/libpcre.so, with no sucess. Got the same error.

Has anyone sucessfully compiled mod_security with PCRE and can help me?

More info on this slow down issue here: http://www.gotroot.com/tiki-index.php?page=apache1+regexp+slow
 
download the pcre src and compile it with configure and make, but dont do make install. Then you need to follow the instructions to specify the directory of the src you just compiled, you will also need to copy a file to the httpd directory, its all documented.
 
This is what I had to do make get it working:

Code: 
yum install pcre-devel
apxs -I /usr/include/pcre -DUSE_PCRE -cia mod_security.c
ln -s /usr/lib/libpcre.so /usr/lib/apache/libpcre.so
 
You must log in or register to reply here.
Back
Top