### Build Simple C Example Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt Builds a simple example application written in C. This demonstrates basic usage of the ModSecurity library. ```cmake add_executable(simple_example_using_c ${BASE_DIR}/examples/simple_example_using_c/test.c) setExampleTargetProperties(simple_example_using_c) ``` -------------------------------- ### Build and Install ModSecurity Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md Execute the build script, configure the project, compile the source code, and install ModSecurity on your system. Ensure you have necessary permissions for installation. ```shell ./build.sh ./configure make sudo make install ``` -------------------------------- ### Compile libModSecurity on CentOS 7 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs dependencies, clones the ModSecurity repository, builds the library, and installs it. Ensure paths are correct before starting. ```sh yum install gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel pcre-devel cd /opt/ git clone https://github.com/owasp-modsecurity/ModSecurity cd ModSecurity git checkout -b v3/master origin/v3/master sh build.sh git submodule init git submodule update ./configure yum install https://archives.fedoraproject.org/pub/archive/fedora/linux/updates/23/x86_64/b/bison-3.0.4-3.fc23.x86_64.rpm make make install ``` -------------------------------- ### Build Multithread Example Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt Builds a multithreaded example application. This demonstrates how to use ModSecurity in a multithreaded environment. ```cmake add_executable(multithread ${BASE_DIR}/examples/multithread/multithread.cc) setExampleTargetProperties(multithread) ``` -------------------------------- ### Build Example Using Bodies in Chunks Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt Builds an example application that demonstrates handling request bodies in chunks. Useful for large request bodies. ```cmake add_executable(using_bodies_in_chunks ${BASE_DIR}/examples/using_bodies_in_chunks/simple_request.cc) setExampleTargetProperties(using_bodies_in_chunks) ``` -------------------------------- ### Start GDB and Load Target Binary Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Debugging-ModSecurity Attach GDB to the target binary (e.g., apache2) to prepare for debugging. This step does not start the program execution. ```bash $ gdb /usr/sbin/apache2 GNU gdb (GDB) 7.6.1-ubuntu Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". For bug reporting instructions, please see: ... ... ``` -------------------------------- ### Build Example for Reading Logs with Offset Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt Builds an example application demonstrating how to read logs with a specified offset. This can be used for log analysis or recovery. ```cmake add_executable(reading_logs_with_offset ${BASE_DIR}/examples/reading_logs_with_offset/read.cc) setExampleTargetProperties(reading_logs_with_offset) ``` -------------------------------- ### Run ModSecurity Installer in Verbose Mode Source: https://github.com/owasp-modsecurity/modsecurity/wiki/IIS-Troubleshooting Use this command to generate a detailed log file (log.txt) during ModSecurity installation on IIS. This log can help identify installation errors. ```bash msiexec /i ModSecurityIIS_A.B.C-Zb.msi /l*v log.txt ``` -------------------------------- ### Example of Missing Git Submodule Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md This example shows the output when a Git submodule is missing or not yet initialized. The leading hyphen is a key indicator. ```sh -bc625d5... bindings/python ``` -------------------------------- ### Build Example for Reading Logs via Rule Message Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt Builds an example application that shows how to read logs generated by rule messages. Useful for debugging and monitoring. ```cmake add_executable(reading_logs_via_rule_message ${BASE_DIR}/examples/reading_logs_via_rule_message/simple_request.cc) setExampleTargetProperties(reading_logs_via_rule_message) ``` -------------------------------- ### Install RPM Package Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Package-Generation Install the generated RPM package using yum or dnf. Note that direct RPM installation requires manual dependency management. ```bash $ yum localinstall ~/rpmbuild/RPMS/mod_security.rpm ``` -------------------------------- ### Simple C++ ModSecurity Example Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md Demonstrates basic initialization and transaction processing using the C++ interface. Requires ModSecurity and Rules objects to be instantiated. ```cpp using ModSecurity::ModSecurity; using ModSecurity::Rules; using ModSecurity::Transaction; ModSecurity *modsec; ModSecurity::Rules *rules; modsec = new ModSecurity(); rules = new Rules(); rules->loadFromUri(rules_file); Transaction *modsecTransaction = new Transaction(modsec, rules); modsecTransaction->processConnection("127.0.0.1"); if (modsecTransaction->intervention()) { std::cout << "There is an intervention" << std::endl; } ``` -------------------------------- ### Define Example Target Properties Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt A CMake function to set common properties for example executables, including include directories and library linking. ```cmake function(setExampleTargetProperties executable) target_include_directories(${executable} PRIVATE ${BASE_DIR} ${BASE_DIR}/headers ${BASE_DIR}/others) target_link_libraries(${executable} PRIVATE libModSecurity) endfunction() ``` -------------------------------- ### Example Git Submodule Status Output Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md This is an example of the output from `git submodule status`, showing initialized and fetched submodules. A leading hyphen indicates an uninitialized or unfetched submodule. ```sh bc625d5... bindings/python 2117822... others/libinjection (v4.0.0) 0fe989b... others/mbedtls (v4.1.0) a3d4405... test/test-cases/secrules-language-tests ``` -------------------------------- ### Install AWS Linux 2 and Nginx Dependencies Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs Nginx 1.12 and downloads the Nginx source package for compilation on AWS Linux 2. ```bash amazon-linux-extras install -y nginx1.12 yumdownloader --source nginx rpm -i nginx-1.12.2-1.amzn2.0.2.src.rpm ``` -------------------------------- ### Simple C ModSecurity Example Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md Illustrates basic ModSecurity library usage with the C interface, including initialization, rule loading, and transaction processing for various stages of an HTTP request. ```c #include "modsecurity/modsecurity.h" #include "modsecurity/transaction.h" char main_rule_uri[] = "basic_rules.conf"; int main (int argc, char **argv) { ModSecurity *modsec = NULL; Transaction *transaction = NULL; Rules *rules = NULL; modsec = msc_init(); rules = msc_create_rules_set(); msc_rules_add_file(rules, main_rule_uri); transaction = msc_new_transaction(modsec, rules); msc_process_connection(transaction, "127.0.0.1"); msc_process_uri(transaction, "http://www.modsecurity.org/test?key1=value1&key2=value2&key3=value3&test=args&test=test"); msc_process_request_headers(transaction); msc_process_request_body(transaction); msc_process_response_headers(transaction); msc_process_response_body(transaction); return 0; } ``` -------------------------------- ### ModSecurity Transformation Function with Parameters Example Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Ideas-for-Google-Summer-of-Code-2016 Demonstrates how a transformation function could accept parameters. This would enhance flexibility in applying transformations. ```modsecurity t:encrypt(%{TX.mykey}%) ``` -------------------------------- ### Install and Test Nginx ModSecurity RPM Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs the built Nginx ModSecurity RPM package and starts/checks the Nginx service. ```bash #copy package needed machine or repo: /root/rpmbuild/RPMS/x86_64/nginx-modsecurity3-aws-1.0.0-1.x86_64.rpm rpm -i nginx-modsecurity3-aws-1.0.0-1.x86_64.rpm systemctl start nginx systemctl status nginx ``` -------------------------------- ### Install Dependencies for Nginx and ModSecurity on CentOS 7 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs necessary packages for building Nginx and ModSecurity, including development tools and libraries. This is a prerequisite for compiling the software. ```bash yum -y install epel-release yum -y install nginx yumdownloader --source nginx yum install -y git rpm-build gperftools-devel openssl-devel pcre-devel zlib-devel \ GeoIP-devel gd-devel perl-devel libxslt-devel perl-ExtUtils-Embed.noarch gcc gcc-c++ autoconf automake libtool rpm -i nginx-1.12.2-2.el7.src.rpm ``` -------------------------------- ### Run Apache with GDB and Debug Symbols Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Debugging-ModSecurity Start the Apache web server under GDB with specific configuration and listen directives. Ensure debugging symbols are available for effective debugging. ```bash (zimmerle@zlinux)-(~/core/spider-modsec/tests)$ gdb /usr/sbin/apache2 GNU gdb (GDB) 7.6.1-ubuntu Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /usr/sbin/apache2...(no debugging symbols found)...done. (gdb) run -d -X -f /home/zimmerle/core/spider-modsec/tests/regression/server_root/conf/httpd.conf -c 'Listen localhost:8088' -c 'Include /home/zimmerle/core/spider-modsec/tests/regression/server_root/conf/config_10-request-directives.t_000003.conf' -k start Starting program: /usr/sbin/apache2 -d -X -f /home/zimmerle/core/spider-modsec/tests/regression/server_root/conf/httpd.conf -c 'Listen localhost:8088' -c 'Include /home/zimmerle/core/spider-modsec/tests/regression/server_root/conf/config_10-request-directives.t_000003.conf' -k start [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGABRT, Aborted. 0x00007ffff7196f77 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. ``` -------------------------------- ### Compile libModSecurity and Nginx on Amazon Linux 2 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs dependencies, builds libModSecurity, SSDEEP, LMDB, and then compiles Nginx with the ModSecurity-nginx connector. Ensure all dependencies are met before proceeding. ```bash yum install yajl-devel git gcc-c++ flex bison curl-devel curl libxml2-devel doxygen zlib-devel git automake libtool pcre-devel GeoIP-devel lua-devel wget openssl-devel # Install LMDB cd /opt/ git clone git clone https://github.com/LMDB/lmdb.git cd lmdb/libraries/liblmdb make make install # Install SSDEEP cd /opt/ git clone https://github.com/ssdeep-project/ssdeep cd ssdeep/ ./bootstrap ./configure && make && make install # Install libmodsecurity cd /opt/ git clone https://github.com/owasp-modsecurity/ModSecurity cd ModSecurity ./build git submodule init git submodule update ./configure make make install # Install Nginx + Nginx Connector cd /opt git clone --depth 1 https://github.com/owasp-modsecurity/ModSecurity-nginx.git # Nginx wget https://nginx.org/download/nginx-1.15.10.tar.gz tar -xvzf nginx-1.15.10.tar.gz cd nginx-1.15.10/ ./configure --with-http_ssl_module --with-http_v2_module --with-compat --add-dynamic-module=/opt/ModSecurity-nginx/ make make install ``` -------------------------------- ### Compile ModSecurity on CentOS 6.5 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs necessary development tools and libraries, then compiles and installs ModSecurity v3.x from source. Ensure all dependencies are met before proceeding. ```sh yum install -y wget perl cmake # Add a newer version of GCC that can make c++-11 wget http://people.centos.org/tru/devtools-2/devtools-2.repo -O /etc/yum.repos.d/devtools-2.repo yum install -y devtoolset-2-gcc-c++ devtoolset-2-binutils PATH=/opt/rh/devtoolset-2/root/usr/bin:$PATH cd /opt/ #Install bison wget http://ftp.gnu.org/gnu/bison/bison-3.0.4.tar.gz tar -xvzf bison-3.0.4.tar.gz cd bison-3.0.4 ./configure make make install cd /opt/ # Install autoconf wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz tar -xvzf autoconf-2.69.tar.gz cd autoconf-2.69 ./configure make make install cd /opt # Install libtool wget http://ftp.gnu.org/gnu/libtool/libtool-2.4.5.tar.gz tar -xvzf libtool-2.4.5.tar.gz cd libtool-2.4.5 ./configure make make install cd /opt # Install automake wget http://ftp.gnu.org/gnu/automake/automake-1.15.tar.gz tar -xvzf automake-1.15.tar.gz cd automake-1.15 ./configure make make install cd /opt # Insteall PCRE-devel wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz tar -xvzf pcre-8.38.tar.gz cd pcre-8.38 ./configure make make install cd /opt/ # Install YAJL2 wget http://github.com/lloyd/yajl/tarball/2.1.0 -O yajl-2.1.0.tar.gz tar -xvzf yajl-2.1.0.tar.gz cd lloyd-yajl-66cb08c ./configure make make install cd /opt # Install Curl wget http://curl.haxx.se/download/curl-7.46.0.tar.gz tar -xvzf curl-7.46.0.tar.gz cd curl-7.46.0 ./configure --prefix=/opt/curl make make install # Little hack because make doesn't respect --with-curl currently cp -R /opt/curl/include/curl/ /usr/include/ cd /opt/ # Install GeoIP wget ftp://rpmfind.net/linux/centos/5.11/extras/x86_64/RPMS/GeoIP-data-20090201-1.el5.centos.x86_64.rpm wget ftp://rpmfind.net/linux/fedora/linux/releases/23/Everything/x86_64/os/Packages/g/GeoIP-1.6.6-1.fc23.x86_64.rpm wget ftp://rpmfind.net/linux/fedora/linux/releases/23/Everything/x86_64/os/Packages/g/GeoIP-devel-1.6.6-1.fc23.x86_64.rpm rpm -i GeoIP-1.6.6-1.fc23.x86_64.rpm GeoIP-data-20090201-1.el5.centos.x86_64.rpm rpm -i GeoIP-devel-1.6.6-1.fc23.x86_64.rpm yum install -y libxml2-devel doxygen zlib-devel git flex git clone https://github.com/csanders-git/ModSecurity cd ModSecurity git checkout -b v3/master origin/v3/master sh build.sh git submodule init git submodule update ./configure --with-yajl=/opt/lloyd-yajl-66cb08c/build/yajl-2.1.0/ --with-curl=/opt/curl/ make make install ``` -------------------------------- ### Install ModSecurity Build Dependencies Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs development packages required for compiling ModSecurity and its Nginx connector on AWS Linux. ```bash yum install -y git rpm-build gperftools-devel openssl-devel pcre-devel zlib-devel \ GeoIP-devel gd-devel perl-devel libxslt-devel perl-ExtUtils-Embed.noarch gcc gcc-c++ autoconf automake libtool ``` -------------------------------- ### Install ModSecurity IIS Module Source: https://github.com/owasp-modsecurity/modsecurity/wiki/IIS-Troubleshooting Use this command to add the ModSecurity IIS module globally to your IIS server. Ensure the DLL path is correct for your installation. ```bash appcmd.exe install module /name:"ModSecurity IIS" /image:"C:\Program Files (x86)\ModSecurity IIS\inetsrv\ModSecurityIIS.dll" ``` -------------------------------- ### Compile Nginx Connector with libModSecurity on CentOS 7 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Sets environment variables for ModSecurity headers and libraries, clones the Nginx connector, downloads Nginx, configures Nginx with the ModSecurity module, and installs it. A backup of the original Nginx binary is created. ```sh # ensure env vars are set export MODSECURITY_INC="/opt/ModSecurity/headers/" export MODSECURITY_LIB="/opt/ModSecurity/src/.libs/" cd /opt/ git clone https://github.com/owasp-modsecurity/ModSecurity-nginx wget http://nginx.org/download/nginx-1.9.2.tar.gz tar -xvzf nginx-1.9.2.tar.gz cd /opt/nginx-1.9.2 /bin/cp -f /usr/sbin/nginx /usr/sbin/nginx_original_bkp ./configure --add-module=/opt/ModSecurity-nginx make make install ``` -------------------------------- ### Compile libModSecurity on Ubuntu 18.04 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs necessary dependencies and compiles libModSecurity from source on Ubuntu 18.04. ```sh $ sudo apt-get install git g++ apt-utils autoconf automake build-essential libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev $ git clone https://github.com/owasp-modsecurity/ModSecurity $ cd ModSecurity/ $ git submodule init $ git submodule update $ sh build.sh $ ./configure $ make $ make install ``` -------------------------------- ### ModSecurity Sub-Phases Rule Ordering Example Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Ideas-for-Google-Summer-of-Code-2016 Illustrates how sub-phases can be used to order rules within a real phase. This allows for more granular control over rule execution, especially when integrating external rule sets. ```modsecurity SecRule ... phase:2.6,id:1 ``` ```modsecurity SecRule ... phase:2,id:2 ``` ```modsecurity SecRule ... phase:2.3,id:3 ``` -------------------------------- ### Compile libModSecurity on CentOS 6.x Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Clones and builds libModSecurity from source on CentOS 6.x, including initializing and updating submodules. Ensure build tools are installed. ```bash $ cd /opt/ $ git clone https://github.com/owasp-modsecurity/ModSecurity $ cd ModSecurity $ git checkout -b v3/master origin/v3/master $ sh build.sh $ git submodule init $ git submodule update $ ./configure $ make $ make install ``` -------------------------------- ### Compile libModSecurity on Ubuntu 22.10 with PCRE2 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs dependencies and compiles libModSecurity from source on Ubuntu 22.10, preferring PCRE2. Assumes nginx version >= 1.21.5. ```sh $ sudo apt-get install git g++ apt-utils autoconf automake build-essential libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre2-dev libtool libxml2-dev libyajl-dev pkgconf zlib1g-dev $ git clone https://github.com/owasp-modsecurity/ModSecurity $ cd ModSecurity/ $ git submodule init $ git submodule update $ sh build.sh $ ./configure --with-pcre2 $ make $ make install ``` -------------------------------- ### Enable ModSecurity for a Site Source: https://github.com/owasp-modsecurity/modsecurity/wiki/IIS-Troubleshooting Configure a specific IIS site to use ModSecurity by enabling it and specifying the configuration file path. This must be done after the module is installed. ```bash appcmd.exe set config /section:"system.webServer/ModSecurity" /"enabled:true" /"configFile:C:\Program Files (x86)\ModSecurity IIS\modsecurity_iis.conf" ``` -------------------------------- ### Install ModSecurity RPM Package Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs the compiled ModSecurity RPM package on the CentOS 7 system. This command assumes the RPM file has been successfully built. ```bash # install package . rpm -i /root/rpmbuild/RPMS/x86_64/nginx-modsecurity3-centos7-1.0.0-1.x86_64.rpm ``` -------------------------------- ### Compile libModSecurity on macOS 10.13 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs dependencies using Homebrew and compiles libModSecurity from source on macOS 10.13. Requires manual directory creation and ownership changes. ```sh brew install flex bison zlib curl pcre libffi autoconf automake yajl pkg-config libtool ssdeep luarocks brew install geoip --with-geoipupdate brew install doxygen --with-llvm # Arbitrarily, create a directory to put things in sudo mkdir -p /usr/local/modsecurity sudo chown -R $(whoami) /usr/local/modsecurity cd /usr/local/opt mkdir ModSecurity git clone https://github.com/owasp-modsecurity/ModSecurity && cd ModSecurity git checkout -b v3/master origin/v3/master sh build.sh git submodule init && git submodule update ./configure make make install ``` -------------------------------- ### Compile ModSecurity for Nginx on CentOS 7 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs development tools and libraries, clones ModSecurity and its Nginx connector, builds ModSecurity, and then configures and builds Nginx with the ModSecurity module dynamically. ```sh sudo yum groupinstall 'Development Tools' -y sudo yum install gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel sudo yum install lmdb lmdb-devel libxml2 libxml2-devel ssdeep ssdeep-devel lua lua-devel sudo git clone --depth 1 -b v3/master --single-branch https://github.com/owasp-modsecurity/ModSecurity cd ModSecurity sudo git submodule init sudo git submodule update sudo ./build.sh sudo ./configure sudo make sudo make install sudo git clone --depth 1 https://github.com/owasp-modsecurity/ModSecurity-nginx.git sudo wget http://nginx.org/download/nginx-1.15.7.tar.gz sudo tar zxvf nginx-1.15.7.tar.gz cd nginx-1.15.7 sudo ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx sudo make modules sudo cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules sudo mkdir /etc/nginx/modsec sudo cp ~/ModSecurity/unicode.mapping /etc/nginx/modsec/ ``` ```nginx load_module modules/ngx_http_modsecurity_module.so; ``` -------------------------------- ### ModSecurity Configuration with OWASP CRS Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md View the content of `basic_rules.conf` after including the OWASP v3 ruleset. This configuration includes the recommended ModSecurity settings and the OWASP CRS setup and rules. ```shell $ cat basic_rules.conf Include "../../modsecurity.conf-recommended" Include "owasp-v3/crs-setup.conf.example" Include "owasp-v3/rules/*.conf" ``` -------------------------------- ### Compile libModSecurity on Amazon Linux Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Installs dependencies, including specific versions of YAJL and GeoIP, then clones and builds ModSecurity from source. This recipe addresses package availability issues on Amazon Linux. ```sh yum install gcc-c++ flex bison curl-devel curl libxml2-devel doxygen zlib-devel git automake libtool pcre-devel cd /opt/ # Steal Fedora's YAJL and YAJL-devel packages wget https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/23/Everything/x86_64/os/Packages/y/yajl-2.1.0-4.fc23.x86_64.rpm rpm -i yajl-2.1.0-4.fc23.x86_64.rpm wget https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/23/Everything/x86_64/os/Packages/y/yajl-devel-2.1.0-4.fc23.x86_64.rpm rpm -i yajl-devel-2.1.0-4.fc23.x86_64.rpm # Install latest bison yum install https://archives.fedoraproject.org/pub/archive/fedora/linux/updates/23/x86_64/b/bison-3.0.4-3.fc23.x86_64.rpm # Amazon's GeoIP-devel package does not come with geoip.pc (no idea why not) wget ftp://rpmfind.net/linux/centos/5.11/extras/x86_64/RPMS/GeoIP-data-20090201-1.el5.centos.x86_64.rpm wget ftp://rpmfind.net/linux/fedora/linux/releases/23/Everything/x86_64/os/Packages/g/GeoIP-1.6.6-1.fc23.x86_64.rpm wget ftp://rpmfind.net/linux/fedora/linux/releases/23/Everything/x86_64/os/Packages/g/GeoIP-devel-1.6.6-1.fc23.x86_64.rpm rpm -i GeoIP-1.6.6-1.fc23.x86_64.rpm GeoIP-data-20090201-1.el5.centos.x86_64.rpm rpm -i GeoIP-devel-1.6.6-1.fc23.x86_64.rpm rm -rf *.rpm git clone https://github.com/owasp-modsecurity/ModSecurity cd ModSecurity git checkout -b v3/master origin/v3/master sh build.sh git submodule init git submodule update ./configure make make install ``` -------------------------------- ### Prepare Nginx Source and Generate Build String Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Unpacks the Nginx source RPM and generates the Nginx configure command with the ModSecurity-nginx dynamic module added. ```bash #unpack correct version from rpm package tar zxf /root/rpmbuild/SOURCES/nginx-1.12.2.tar.gz cd nginx-1.12.2/ #generate build string nginx -V 2>&1 | grep 'configure arguments' | sed "s#configure arguments:#./configure --add-dynamic-module=../ModSecurity-nginx #g" ``` -------------------------------- ### Prepare for RPM Build Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Copies the compiled ModSecurity shared library and Nginx module to the RPM build directory. ```bash cd /root mkdir -p /root/rpmbuild/BUILD find . -type f -iname 'libmodsecurity.so.3.*' -exec cp {} /root/rpmbuild/BUILD \; find . -type f -iname 'ngx_http_modsecurity_module.so' -exec cp {} /root/rpmbuild/BUILD \; ``` -------------------------------- ### Basic Argument Matching Rule Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/test/test-cases/data/config_example.txt This rule checks if the 'ARGS' variable contains the string 'config_example'. It passes the request if the condition is met, trims whitespace, and assigns an ID. ```modsecurity SecRule ARGS "@contains config_example" "id:101,pass,t:trim" ``` -------------------------------- ### Run ModSecurity Benchmark Tool Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md Execute the benchmark tool from the `test/benchmark/` directory. This command runs the benchmark with the default number of transactions. ```shell cd test/benchmark $ ./benchmark Doing 1000000 transactions... ``` -------------------------------- ### Initialize Git Submodules Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md After cloning, initialize and update all git submodules required for the build. This command fetches the necessary external dependencies. ```shell git submodule update --init --recursive ``` -------------------------------- ### RPM SPEC File for nginx-modsecurity3-centos7 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Defines the metadata and build/install scripts for the nginx-modsecurity3-centos7 RPM package. It specifies file locations, installation steps, and post-installation configurations for ModSecurity. ```spec Name: nginx-modsecurity3-centos7 Version: 3.0.3 Release: 1 Group: Applications/System BuildArch: x86_64 Summary: modsecurity for nginx License: GPL %description Brief description of software package. Provides: libmodsecurity.so.3 nginx-modsecurity %prep %build %install mkdir -p %{buildroot}/opt/modsecurity cp libmodsecurity.so.3.0.3 %buildroot/opt/modsecurity cp ngx_http_modsecurity_module.so %buildroot/opt/modsecurity %post echo 'load_module "/usr/lib64/nginx/modules/ngx_http_modsecurity_module.so";' > /usr/share/nginx/modules/mod-modsecurity.conf ln -sf /opt/modsecurity/ngx_http_modsecurity_module.so /usr/lib64/nginx/modules/ngx_http_modsecurity_module.so cat > /etc/ld.so.conf.d/modsecurity.conf << EOF /opt/modsecurity EOF ldconfig %postun rm -f /etc/ld.so.conf.d/modsecurity.conf rm -f /usr/lib64/nginx/modules/ngx_http_modsecurity_module.so rm -f /usr/share/nginx/modules/mod-modsecurity.conf ldconfig %clean %files /* ``` -------------------------------- ### Build RPM Package Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Package-Generation Use this command to build an RPM package from a .spec file. Ensure the .spec file is saved correctly. The generated RPM will be located in ~/rpmbuild/RPMS. ```bash $ rpmbuild mod_security.spec ``` -------------------------------- ### Create Shared Library Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt Builds the libModSecurity shared library using the discovered source files. ```cmake add_library(libModSecurity SHARED ${libModSecuritySources}) ``` -------------------------------- ### Enable Testing and Process Test Suite Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt Enables the testing framework and reads a test suite definition file. It then processes each line, skipping comments and validating prefixes, to dynamically add tests. ```cmake enable_testing() file(READ ${BASE_DIR}/test/test-suite.in TEST_FILES_RAW) string(REPLACE "\n" ";" TEST_FILES ${TEST_FILES_RAW}) foreach(TEST_FILE ${TEST_FILES}) # ignore comment lines string(FIND ${TEST_FILE} "#" is_comment) if(NOT is_comment EQUAL 0) string(FIND ${TEST_FILE} "TESTS+=" is_valid_prefix) if(NOT is_valid_prefix EQUAL 0) message(FATAL_ERROR "Invalid prefix in line: ${TEST_FILE}") endif() # remove 'TESTS+=' prefix and 'test/' too because tests are launched # from that directory string(SUBSTRING ${TEST_FILE} 12 -1 TEST_FILE) # test name get_filename_component(TEST_NAME ${TEST_FILE} NAME_WE) # determine test runner based on test path prefix string(FIND ${TEST_FILE} "test-cases/regression/" is_regression_test) if(is_regression_test EQUAL 0) set(TEST_RUNNER "regression_tests") else() set(TEST_RUNNER "unit_tests") endif() add_test(NAME ${TEST_NAME} COMMAND ${TEST_RUNNER} ${TEST_FILE} WORKING_DIRECTORY ${BASE_DIR}/test) endif() endforeach() ``` -------------------------------- ### Build Benchmark Executable Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt Configures the build to include the benchmark executable. Use this to test ModSecurity's performance. ```cmake add_executable(benchmark ${BASE_DIR}/test/benchmark/benchmark.cc) setTestTargetProperties(benchmark) ``` -------------------------------- ### Configure Nginx with Debug Build Option Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Debugging-ModSecurity When configuring Nginx, use the '--with-debug' option along with the recommended CFLAGS for debugging. This ensures the Nginx build includes debugging symbols and features. ```bash CFLAGS="-g -O0" ./configure --with-debug ...normal paramanters... ``` -------------------------------- ### ModSecurity Rule with Invalid Operator Usage Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/test/test-cases/data/config_example-bad-op-include.txt An example of a ModSecurity rule with an invalid operator ('@missingOperator'). This demonstrates a common configuration error. Always use valid ModSecurity operators. ```modsecurity SecRule ARGS 123 "@missingOperator config_example" "id:11,pass,t:trim" ``` -------------------------------- ### Download OWASP ModSecurity Core Rule Set Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md Execute the `download-owasp-v3-rules.sh` script to download the OWASP ModSecurity Core Rule Set v3. This script clones the repository and switches to a specific tag. ```shell $ ./download-owasp-v3-rules.sh Cloning into 'owasp-v3'... remote: Enumerating objects: 33007, done. remote: Counting objects: 100% (2581/2581), done. remote: Compressing objects: 100% (907/907), done. remote: Total 33007 (delta 2151), reused 2004 (delta 1638), pack-reused 30426 Receiving objects: 100% (33007/33007), 9.02 MiB | 16.21 MiB/s, done. Resolving deltas: 100% (25927/25927), done. Switched to a new branch 'tag3.0.2' /path/to/ModSecurity/test/benchmark Done. ``` -------------------------------- ### Create and Copy ModSecurity DLL from Docker Container Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/README.md Commands to create a container from the ModSecurity image and copy the libModSecurity.dll file. Leaving out the filename copies all built binaries. ```docker docker container create --name [container_name] libmodsecurity ``` ```docker docker cp [container_name]:C:\src\ModSecurity\build\win32\build\[build_type]\libModSecurity.dll . ``` -------------------------------- ### Initialize and Update Git Submodules for Testing Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md Before running regression and unit tests, ensure all necessary git submodules are initialized and updated. This command fetches shared test case repositories. ```shell $ cd /path/to/your/ModSecurity $ git submodule update --init --recursive $ make check ``` -------------------------------- ### Measure Benchmark Execution Time Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md Use the `time` command to measure the real, user, and system execution time of the benchmark tool with a specific number of transactions. ```shell $ time ./benchmark 1000 Doing 1000 transactions... real 0m0.351s user 0m0.337s sys 0m0.022s ``` -------------------------------- ### Default ModSecurity Configuration Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md View the content of `basic_rules.conf` when using the minimal configuration for benchmarking. This file includes the recommended ModSecurity configuration. ```shell $ cat basic_rules.conf Include "../../modsecurity.conf-recommended" ``` -------------------------------- ### Run ModSecurity Benchmark with Custom Transactions Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md Run the benchmark tool with a specified number of transactions by passing a numeric argument. This allows for testing with a smaller dataset. ```shell $ ./benchmark 1000 Doing 1000 transactions... ``` -------------------------------- ### Configure ModSecurity to Access Network Shares Source: https://github.com/owasp-modsecurity/modsecurity/wiki/IIS-Troubleshooting Use quad slashes (\\) to specify network share paths in ModSecurity configuration directives like SecAuditLog, SecAuditLogStorageDir, and Include. Mapped drives are not supported. ```modsecurity SecAuditLog \\192.168.1.120\test\temp\index2.log SecAuditLogStorageDir \\192.168.1.120\test\temp Include \\192.168.1.120\test\temp.conf ``` -------------------------------- ### Configuration Output for GeoIP/MaxMind Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md This output indicates that the libmaxminddb library is found and being used for GeoIP functionality. This is the recommended MaxMind DB API. ```sh + GeoIP/MaxMind ....found * (MaxMind) v1.12.2 -lmaxminddb , -I/usr/include/x86_64-linux-gnu ``` -------------------------------- ### Check ModSecurity DLL Dependencies with dumpbin Source: https://github.com/owasp-modsecurity/modsecurity/wiki/IIS-Troubleshooting Use dumpbin to list imported DLLs and their dependencies for ModSecurity IIS module and its common libraries. Redirect the output to a text file for analysis. ```cmd dumpbin /imports /dependents ModSecurityIIS.dll libapr-1.dll libaprutil-1.dll libxml2.dll lua5.1.dll pcre.dll > c:\somedir\deps.txt ``` -------------------------------- ### Build ModSecurity with vcbuild.bat Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/README.md Use vcbuild.bat to compile ModSecurity. Specify build configuration (Release, RelWithDebInfo, MinSizeRel, Debug) and architecture (x86_64, x86). ```batch vcbuild.bat [build_configuration] [arch] [USE_ASAN] ``` -------------------------------- ### Set Compile Definitions and Include Directories Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt Configures compile definitions and include paths for the libModSecurity library, including PCRE2 support and external library headers. ```cmake target_compile_definitions(libModSecurity PRIVATE WITH_PCRE2) target_include_directories(libModSecurity PRIVATE ${BASE_DIR} ${BASE_DIR}/headers ${BASE_DIR}/others ${MBEDTLS_DIR}/include ${TF_PSA_CRYPTO_DIR}/include ${TF_PSA_CRYPTO_DIR}/drivers/builtin/include) ``` -------------------------------- ### Build RPM Package Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Builds the Nginx ModSecurity RPM package using the provided spec file. ```bash cd /root/rpmbuild/SPECS #create file nginx-modsecurity.spec rpmbuild -ba nginx-modsecurity.spec ``` -------------------------------- ### Build ModSecurity with AddressSanitizer Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/README.md Add USE_ASAN as the third argument to vcbuild.bat to generate a build with Address Sanitizer. This is only compatible with Debug and RelWithDebInfo builds. ```batch vcbuild.bat Debug x86_64 USE_ASAN ``` -------------------------------- ### Compile Nginx Connector for ModSecurity Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Clones the ModSecurity-nginx connector, unpacks the Nginx source, generates the Nginx configure string with the ModSecurity dynamic module, compiles the module, and copies the resulting shared objects to the RPM build directory. ```bash cd /root mkdir nginx git clone --depth 1 https://github.com/owasp-modsecurity/ModSecurity-nginx.git #unpack correct version from rpm package tar zxf /root/rpmbuild/SOURCES/nginx-1.12.2.tar.gz cd nginx-1.12.2/ #generate build string nginx -V 2>&1 | grep 'configure arguments' | sed "s#configure arguments:#./configure --add-dynamic-module=../ModSecurity-nginx #g" # if looks good, compile nginx -V 2>&1 | grep 'configure arguments' | sed "s#configure arguments:#./configure --add-dynamic-module=../ModSecurity-nginx #g" |bash make modules cd /root mkdir -p /root/rpmbuild/BUILD find . -type f -iname 'libmodsecurity.so.3.*' -exec cp {} /root/rpmbuild/BUILD \; find . -type f -iname 'ngx_http_modsecurity_module.so' -exec cp {} /root/rpmbuild/BUILD \; ``` -------------------------------- ### Reset Build and Conan Packages Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/README.md Recommended commands to reset the build directory and remove previously built Conan packages when changing build configurations. ```batch conan remove * -c ``` -------------------------------- ### Compile Nginx with ModSecurity Module Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Compiles Nginx with the ModSecurity dynamic module using the generated configure arguments. ```bash nginx -V 2>&1 | grep 'configure arguments' | sed "s#configure arguments:#./configure --add-dynamic-module=../ModSecurity-nginx #g" |bash make modules ``` -------------------------------- ### Compile Nginx-connector (OpenResty) on CentOS 6.x Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Clones the ModSecurity-nginx connector and compiles OpenResty with the connector module. This recipe is specific to CentOS 6.x and OpenResty. ```bash $ cd /opt/ $ git clone https://github.com/owasp-modsecurity/ModSecurity-nginx $ wget https://openresty.org/download/ngx_openresty-1.9.7.1.tar.gz $ tar -xvzf ngx_openresty-1.9.7.1.tar.gz $ ./configure --add-module=/opt/ModSecurity-nginx ``` -------------------------------- ### Build ModSecurity RPM Package for Nginx Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Builds the RPM package using the 'nginx-modsecurity.spec' file. This command should be executed from the directory containing the spec file. ```bash #rpm spec file nginx-modsecurity.spec cd /root/rpmbuild/SPECS #create file #nginx-modsecurity.spec rpmbuild -ba nginx-modsecurity.spec ``` -------------------------------- ### Clone and Compile ModSecurity v3 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Clones the ModSecurity v3 repository, initializes and updates submodules, and then compiles the library. ```bash git clone --depth 1 -b v3/master --single-branch https://github.com/owasp-modsecurity/ModSecurity cd ModSecurity git submodule init git submodule update ./build.sh ./configure make -j2 #takes about 15 minutes make install ``` -------------------------------- ### Define Library Sources Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt Globally finds all .cc source files within the src directory for the libModSecurity library. ```cmake file(GLOB_RECURSE libModSecuritySources ${BASE_DIR}/src/*.cc) ``` -------------------------------- ### Run Target Process with GDB Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Debugging-ModSecurity Execute the target program within GDB, passing any necessary command-line arguments. The program will run as if launched directly, allowing for interaction and crash reproduction. ```bash (gdb) run -X Starting program: /usr/sbin/apache2 -X [Thread debugging using libthread_db enabled] ... ``` -------------------------------- ### Build Rules Optimization Executable Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/CMakeLists.txt Configures the build to include the rules optimization executable. This tool is used for optimizing ModSecurity's rule sets. ```cmake add_executable(rules_optimization ${BASE_DIR}/test/optimization/optimization.cc) setTestTargetProperties(rules_optimization) ``` -------------------------------- ### Compile nginx connector on macOS 10.13 Source: https://github.com/owasp-modsecurity/modsecurity/wiki/Compilation-recipes-for-v3.x Clones the ModSecurity-nginx connector and modifies the Homebrew nginx formula to include it. Builds nginx from source with the ModSecurity module. ```sh MOD_SECURITY_INC=/usr/local/opt/ModSecurity/headers/ MOD_SECURITY_LIB=/usr/local/opt/ModSecurity/src/.libs/ cd /usr/local/opt/ git clone https://github.com/owasp-modsecurity/ModSecurity-nginx # NOW edit the brew nginx formula to have two chunks added (brew edit nginx) option "with-modsecurity", "Compile with v3 ModSecurity module" # then later near the bottom, add a chunk that detects this and adds the module if build.with? "modsecurity" args << "--add-module=/usr/local/opt/ModSecurity-nginx" end # Use homebrew to build it from source with the new argument you just added: brew install -vd --build-from-source nginx --with-modsecurity # You should see in the output somewhere that it "found /usr/local/modsecurity", or close to that. # TEST that with (make sure you see "--add-module=/usr/local/opt/ModSecurity-nginx" in there, likely at end) nginx -V ``` -------------------------------- ### ModSecurity Rule with Argument Check Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/test/test-cases/data/config_example3.txt Defines a ModSecurity rule that checks if any argument in the request contains the string 'config_example'. The rule passes the request and logs its ID. ```modsecurity SecRule ARGS "@contains config_example" "id:1000,pass,t:trim" ``` -------------------------------- ### Configure Build for Debugging with Assertions Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/README.md Disable compiler optimizations and enable assertions for easier debugging. This involves setting CFLAGS and using specific configure flags during the build process. ```shell $ export CFLAGS="-g -O0" $ ./build.sh $ ./configure --enable-assertions=yes $ make $ sudo make install ``` -------------------------------- ### Run ModSecurity Docker Container Interactively Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/README.md Execute the ModSecurity Docker container interactively for additional development work. ```docker docker run -it libmodsecurity ``` -------------------------------- ### Build ModSecurity Docker Image Source: https://github.com/owasp-modsecurity/modsecurity/blob/v3/master/build/win32/README.md Build the ModSecurity Docker image using docker build. The command can be executed from the build\win32\docker directory. Build type, architecture, and Address Sanitizer can be configured via build arguments. ```docker docker build -t libmodsecurity:latest -m 4GB . ``` ```docker --build-arg BUILD_TYPE=Debug ```