What version of Apache are you using? If you are using Apache 2.0 or higher, you don’t need to compile off of an external PCRE source at it is using the new version. Per the Apache site – http://httpd.apache.org/docs/2.0/new_features_2_0.html
Regular Expression Library Updated
Apache 2.0 includes the Perl Compatible Regular Expression Library (PCRE). All regular expression evaluation now uses the more powerful Perl 5 syntax.
It was previous versions of Apache that used the poor Apache/RegEx libraries. If you still want to compile off of an external source, you use the “--with-pcre=” configure flag option when compiling Apache –
# ./configure --help | grep -i pcre
--with-pcre=PATH Use external PCRE library
For ModSecurity 2.0, it will use the RegEx libraries that Apache is using so it will use the PCRE libraries that come with it. If you want to compile ModSecurity 2.0 with an external PCRE package, edit the Makefile and define WITH_PCRE_STUDY.
Ryan C. Barnett
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache