Yes im aware of that for 2.0, im running 2.0.59 on a dev machine and 2.0.55 on a production machine, maybe this needs some explaining, im not sure why its suggested then to use an external one ?

Ive confirmed that freebsd ports and debian packages do not use any kind of --with-pcre flag, and from what i saw its not even available for the configure ?


If you have compiled Apache yourself you might experience problems compiling ModSecurity against PCRE. This is because Apache bundles PCRE but this library is also typically provided by the operating system. I would expect most (all) vendor-packaged Apache distributions to be configured to use an external PCRE library (so this should not be a problem).

You want to avoid Apache using the bundled PCRE library and ModSecurity linking against the one provided by the operating system. The easiest way to do this is to compile Apache against the PCRE library provided by the operating system (or you can compile it against the latest PCRE version you downloaded from the main PCRE distribution site). You can do this at configure time using the --with-pcre switch. If you are not in a position to recompile Apache then, to compile ModSecurity successfully, you'd still need to have access to the bundled PCRE headers (they are available only in the Apache source code) and change the include path for ModSecurity (as you did in step 7 above) to point to them.

Do note that if your Apache is using an external PCRE library you can compile ModSecurity with WITH_PCRE_STUDY defined, which would possibly give you a slight performance edge in regular expression processing.

Ryan Barnett wrote:


What version of Apache are you using?  If you are using Apache 2.0 or higher, you don’t need to compile off of an external PCRE source at it is using the new version.  Per the Apache site –

Regular Expression Library Updated

Apache 2.0 includes the Perl Compatible Regular Expression Library (PCRE). All regular expression evaluation now uses the more powerful Perl 5 syntax.


It was previous versions of Apache that used the poor Apache/RegEx libraries.  If you still want to compile off of an external source, you use the “--with-pcre=” configure flag option when compiling Apache –


# ./configure --help | grep -i pcre

  --with-pcre=PATH        Use external PCRE library


For ModSecurity 2.0, it will use the RegEx libraries that Apache is using so it will use the PCRE libraries that come with it.  If you want to compile ModSecurity 2.0 with an external PCRE package, edit the Makefile and define WITH_PCRE_STUDY.


Ryan C. Barnett
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
Author: Preventing Web Attacks with Apache


From: [] On Behalf Of Dan Rossi
Sent: Sunday, November 26, 2006 9:31 PM
Subject: [mod-security-users] external PCRE configure option for apache2 andmod sec 2?


Hi it seems after turning on mod sec the load on our high traffic apache server went up quite alot

CPU states: 49.6% user,  8.2% nice, 15.9% system,  0.5% interrupt, 25.8% idle
Mem: 588M Active, 106M Inact, 304M Wired, 31M Cache, 112M Buf, 1979M Free
Swap: 4096M Total, 93M Used, 4002M Free, 2% Inuse

from about 2%

The installation instructions are quite confusing on how to get mod sec two compiled into apache with performance boosts. I have research everwhere and i cannot find an option --with-pcre for apache 2.

And i looked into the apache bsd ports package and also the debian apache package and there is no such configure rule for an external pcre.

Could it be the rules ?

It seems to also log 404 errors for images loaded within a dynamic script, i just want to audit dynamic scripting only !

Please let me know thanks.