Dan,

What version of Apache are you using?  If you are using Apache 2.0 or higher, you don’t need to compile off of an external PCRE source at it is using the new version.  Per the Apache site – http://httpd.apache.org/docs/2.0/new_features_2_0.html

Regular Expression Library Updated

Apache 2.0 includes the Perl Compatible Regular Expression Library (PCRE). All regular expression evaluation now uses the more powerful Perl 5 syntax.

 

It was previous versions of Apache that used the poor Apache/RegEx libraries.  If you still want to compile off of an external source, you use the “--with-pcre=” configure flag option when compiling Apache –

 

# ./configure --help | grep -i pcre

  --with-pcre=PATH        Use external PCRE library

 

For ModSecurity 2.0, it will use the RegEx libraries that Apache is using so it will use the PCRE libraries that come with it.  If you want to compile ModSecurity 2.0 with an external PCRE package, edit the Makefile and define WITH_PCRE_STUDY.

 

--
Ryan C. Barnett
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

 


From: mod-security-users-bounces@lists.sourceforge.net [mailto:mod-security-users-bounces@lists.sourceforge.net] On Behalf Of Dan Rossi
Sent: Sunday, November 26, 2006 9:31 PM
To: mod-security-users@lists.sourceforge.net
Subject: [mod-security-users] external PCRE configure option for apache2 andmod sec 2?

 

Hi it seems after turning on mod sec the load on our high traffic apache server went up quite alot

CPU states: 49.6% user,  8.2% nice, 15.9% system,  0.5% interrupt, 25.8% idle
Mem: 588M Active, 106M Inact, 304M Wired, 31M Cache, 112M Buf, 1979M Free
Swap: 4096M Total, 93M Used, 4002M Free, 2% Inuse

from about 2%

The installation instructions are quite confusing on how to get mod sec two compiled into apache with performance boosts. I have research everwhere and i cannot find an option --with-pcre for apache 2.

And i looked into the apache bsd ports package and also the debian apache package and there is no such configure rule for an external pcre.

Could it be the rules ?

It seems to also log 404 errors for images loaded within a dynamic script, i just want to audit dynamic scripting only !

Please let me know thanks.