Re: [mod-security-users] compiling against PCRE
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] compiling against PCRE
|
From: Zach R. <ad...@li...> - 2005-12-22 00:40:20
|
In my more updated tests it appears as if the PCRE does help quite a bit but, it still isn't enough. Mod_security cannot handle the thousands of rules necessary to secure against all the security threats there seem to be. Since gotroot.com's ruleset seems to be standard for mod_security installations I did tests with those rules. To start off I loaded the rules into the configuration in no particular order except exclude.conf being first and watched as the server became unstable then crashed. After rebooting I reordered them where the less intensive rules were first (badips.conf) and others were last but, no ordering seemed to have a very noticeable effect. The server's load went back up and it crashed again. By removing badips.conf, several thousand rules from rules.conf, and reordering them again I did get the server stable enough with "SecFilterEngine On" with low to medium traffic. When traffic picked up at 5PM the server load started to rise and the server crashed again. Any further improvements would definitely be welcomed. ;) Zach Ivan Ristic wrote: >Justin Grindea wrote: > > >>hmm, forgot to paste the output... >>here it is: >> >> > > Try this first: > <apache1-home>/bin/apxs -DUSE_PCRE -cia mod_security.c > > If that works but you still need to use LoadFile > use: > > LoadFile /usr/lib/libpcre.so > > Otherwise just download the source from pcre.org > and install it exactly as described in the manual. > > > |
