Hi Abdallah,

The intention of pcre version verification is to make sure that, both, ModSecurity and Apache are running the same library. The version is a strong indication of that, however, the compilation of those could be made with different compilations flags, or patches. Our recommendation is to really use the same library.

You have said that: once you loads ModSecurity your Apache started to answer slowly to your requests, have you used the modsecurity.conf-recommended configuration file? Enabled/Disabled ModSecurity using this configuration? Does it make any difference?

During the compilation i've saw that you have used make test, is it "pass" in all tests? how long it takes?

There is something else, in your Apache log that may indicates something about the problem? What about ModSecurity debug log? can you enable it and share with us?

Can you give more details on your Apache version and other apache modules that you are running? (httpd -V and https -l)

Br.,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com


On May 10, 2014, at 4:53 AM, Abdallah <abdullah.beydoun@gmail.com> wrote:

Abdallah wrote: 10-may-2014


For PCRE
alias gcc='gcc -m32'
export CFLAGS=-m32

./configure --prefix=/usr/local/pcre5.0_32 CFLAGS=-m32
make
make test
sudo make install


For mod_security:

alias gcc='gcc -m32'
export CFLAGS=-m32
./configure --with-apxs=/HTTPServer/bin/apxs --with-apr=/HTTPServer/bin/apr-
1-config --with-apu=/HTTPServer/bin/apu-1-config --with-
libxml=/usr/local/libxml2_32/bin/xml2-config --with-
pcre=/usr/local/pcre5.0_32/bin/pcre-config --disable-mlogc CFLAGS=-m32 --
prefix=/usr/local/modsec32_08may --enable-verbose-output
make
make test
sudo make install


Regards
Abdallah



------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
&#149; 3 signs your SCM is hindering your productivity
&#149; Requirements for releasing software faster
&#149; Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/





This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.