mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-13 13:26:01 +03:00
195 lines
7.1 KiB
Markdown
195 lines
7.1 KiB
Markdown
|
|
## ModSecurity 2.x Command-line build notes for Windows
|
|
|
|
by Tom Donovam, 4/2/2011
|
|
|
|
|
|
## Prerequisites:
|
|
|
|
Dependency | Tested with | Note
|
|
----|------|----
|
|
Microsoft Visual Studio C++ | Visual Studio 2013 (aka VC12) |
|
|
[CMake build system](http://www.cmake.org/) | CMake v3.8.2 |
|
|
[Apache 2.4.x](http://httpd.apache.org/) | Apache 2.4.27 | Apache must be built from source using the same Visual Studio compiler as mod_security.
|
|
[PCRE, Perl Compatible Regular Expression library](http://www.pcre.org/) | PCRE v8.40
|
|
[LibXML2](http://xmlsoft.org/) | LibXML2 v2.9.4 |
|
|
[Lua Scripting Language](http://www.lua.org/) | Lua v5.3.4
|
|
[cURL multiprotocol file transfer library](http://curl.haxx.se/) | cURL v7.54.0
|
|
|
|
|
|
## Before building
|
|
|
|
The directory where you build software from source ( ``C:\work`` in this exmaple)
|
|
must contain the Apache source you used to build the Apache web serverand the mod_security source
|
|
|
|
Apache source is in C:\work\httpd-2.4.27 in this example.
|
|
Apache has been installed to C:\Apache2427 in this example.
|
|
Mod_security source is in C:\work\mod_security in this example.
|
|
|
|
## Download and untar the prerequisite library sources:
|
|
|
|
Download pcre-8.40.tar.gz from ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
|
|
untar it into C:\work\ creating C:\work\pcre-8.40
|
|
|
|
Download libxml2-2.9.4.tar.gz from ftp://xmlsoft.org/libxml2/
|
|
untar it into C:\work\ creating C:\work\libxml2-2.9.4
|
|
|
|
Download lua-5.3.4.tar.gz from http://www.lua.org/ftp/
|
|
untar it into C:\work\ creating C:\work\lua-5.3.4
|
|
|
|
Download curl-7.54.0.tar.gz from http://curl.haxx.se/download.html
|
|
untar it into C:\work\ creating C:\work\curl-7.54.0
|
|
|
|
## Setup your build environment:
|
|
|
|
1. The ``PATH`` environment variable must include the Visual Studio variables as set by ``vsvars32.bat``
|
|
|
|
2. The ``PATH`` environment variable must also include the CMAKE ``bin\`` directory
|
|
|
|
3. Set an environment variable to the Apache source code directory:
|
|
|
|
```
|
|
SET HTTPD_BUILD=C:\work\httpd-2.4.27
|
|
```
|
|
|
|
### Optional:
|
|
|
|
If OpenSSL and zlib support were included when you built Apache 2.4, and you want them available to LibXML2 and cURL
|
|
|
|
1. Ensure that cURL and LibXML2 can find the OpenSSL and zlib includes and libraries that Apache was built with.
|
|
|
|
```
|
|
SET INCLUDE=%INCLUDE%;%HTTPD_BUILD%\srclib\openssl\inc32;%HTTPD_BUILD%\srclib\zlib
|
|
SET LIB=%LIB%;%HTTPD_BUILD%\srclib\openssl\out32dll;%HTTPD_BUILD%\srclib\zlib
|
|
```
|
|
|
|
2. Ensure that cURL and libXML2 don't use the static zlib library: ``zlib.lib``. Force cURL and libXML2 to use ``zdll.lib`` instead, requiring ``zlib1.dll`` at runtime:
|
|
|
|
```
|
|
IF EXIST %HTTPD_BUILD%\srclib\zlib\zlib.lib DEL %HTTPD_BUILD%\srclib\zlib\zlib.lib
|
|
```
|
|
|
|
## Build
|
|
|
|
### PCRE-8.40
|
|
|
|
CD C:\work\pcre-8.40
|
|
CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True
|
|
NMAKE
|
|
|
|
### LibXML2-2.9.4
|
|
|
|
CD C:\work\libxml2-2.9.4\win32
|
|
CSCRIPT configure.js iconv=no vcmanifest=yes zlib=yes
|
|
NMAKE -f Makefile.msvc
|
|
|
|
### Lua-5.3.4
|
|
|
|
CD C:\work\lua-5.3.4\src
|
|
CL /Ox /arch:SSE2 /GF /GL /Gy /FD /EHsc /MD /Zi /TC /wd4005 /D "_MBCS" /D "LUA_CORE" /D "LUA_BUILD_AS_DLL" /D "_CRT_SECURE_NO_WARNINGS" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_WIN32" /D "_WINDLL" /c *.c
|
|
DEL lua.obj luac.obj
|
|
LINK /DLL /LTCG /DEBUG /OUT:lua5.1.dll *.obj
|
|
IF EXIST lua5.1.dll.manifest MT -manifest lua5.1.dll.manifest -outputresource:lua5.1.dll;2
|
|
|
|
### cURL-7.54.0
|
|
|
|
CD C:\work\curl-7.54.0
|
|
CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True -DCURL_ZLIB=True
|
|
NMAKE
|
|
|
|
### ModSecurity-2.9.x
|
|
|
|
CD C:\work\mod_security\apache2
|
|
NMAKE -f Makefile.win APACHE=C:\Apache2427 PCRE=C:\work\pcre-8.40 LIBXML2=C:\work\libxml2-2.9.4 LUA=C:\work\lua-5.3.4\src
|
|
|
|
## Install ModSecurity and run Apache
|
|
|
|
Copy these five files to ``C:\Apache2427\bin``:
|
|
|
|
C:\work\pcre-8.40\pcre.dll C:\Apache2427\bin\
|
|
C:\work\lua-5.3.4\src\lua5.1.dll C:\Apache2427\bin\
|
|
C:\work\libxml2-2.9.4\win32\bin.msvc\libxml2.dll C:\Apache2427\bin\
|
|
C:\work\curl-7.54.0\libcurl.dll C:\Apache2427\bin\
|
|
C:\work\mod_security\apache2\mlogc-src\mlogc.exe
|
|
|
|
Copy this one file to ``C:\Apache2427\modules``:
|
|
|
|
C:\work\mod_security\apache2\mod_security2.so
|
|
|
|
You may also copy ``C:\work\curl-7.54.0\curl.exe`` to ``C:\Apache2427\bin``, if you want to use the cURL command-line program.
|
|
|
|
Download the core rules from http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/ and unzip them into ``C:\Apache2427\conf\modsecurity_crs``
|
|
|
|
Add configuration directives to your Apache conf\httpd.conf:
|
|
|
|
# mod_security requires mod_unique_id
|
|
LoadModule unique_id_module modules/mod_unique_id.so
|
|
|
|
# mod_security
|
|
LoadModule security2_module modules/mod_security2.so
|
|
<IfModule security2_module>
|
|
SecRuleEngine On
|
|
SecDataDir logs
|
|
Include conf/modsecurity_crs/*.conf
|
|
Include conf/modsecurity_crs/base_rules/*.conf
|
|
SecAuditEngine RelevantOnly
|
|
SecAuditLogRelevantStatus "^(?:5|4\d[^4])"
|
|
SecAuditLogType Serial
|
|
SecAuditLogParts ABCDEFGHZ
|
|
SecAuditLog logs/modsecurity.log
|
|
</IfModule>
|
|
|
|
## Optional: Build and configure the ModSecurity-2.x MLOGC piped-logging program
|
|
|
|
Edit the top of ``C:\work\mod_security\apache2\mlogc-src\Makefile.win`` and set your local paths
|
|
|
|
# Path to Apache httpd installation
|
|
BASE = C:\Apache2427
|
|
|
|
# Paths to required libraries
|
|
PCRE = C:\work\pcre-8.40
|
|
CURL = C:\work\curl-7.54.0
|
|
|
|
# Linking libraries
|
|
LIBS = $(BASE)\lib\libapr-1.lib \
|
|
$(BASE)\lib\libaprutil-1.lib \
|
|
$(PCRE)\pcre.lib \
|
|
$(CURL)\libcurl_imp.lib \
|
|
wsock32.lib
|
|
|
|
Build the ``mlogc.exe`` program:
|
|
|
|
CD C:\work\mod_security_trunk\mlogc
|
|
NMAKE -f Makefile.win
|
|
|
|
Copy ``mlocg.exe`` to ``C:\Apache2427\bin\``
|
|
|
|
Create a new command file ``C:\Apache2427\bin\mlogc.bat`` with one line:
|
|
|
|
C:\Apache2427\bin\mlogc.exe C:\Apache2427\conf\mlogc.conf
|
|
|
|
Create a new configuration file ``C:\Apache2427\conf\mlogc.conf`` to control the piped-logging program ``mlogc.exe``.
|
|
Here is an example ``conf\mlogc.conf``:
|
|
|
|
CollectorRoot "C:/Apache2427/logs"
|
|
ConsoleURI "https://localhost:8888/rpc/auditLogReceiver"
|
|
SensorUsername "test"
|
|
SensorPassword "testtest"
|
|
LogStorageDir "data"
|
|
TransactionLog "mlogc-transaction.log"
|
|
QueuePath "mlogc-queue.log"
|
|
ErrorLog "mlogc-error.log"
|
|
LockFile "mlogc.lck"
|
|
KeepEntries 0
|
|
ErrorLogLevel 2
|
|
MaxConnections 10
|
|
MaxWorkerRequests 1000
|
|
TransactionDelay 50
|
|
StartupDelay 5000
|
|
CheckpointInterval 15
|
|
ServerErrorTimeout 60
|
|
|
|
Change the SecAuditLog directive in ``conf\httpd.conf`` to pipe the log data to mlogc instead of writing them to a file:
|
|
|
|
SecAuditLog |C:/Apache2427/bin/mlogc.bat
|