Pivotal Knowledge Base

How to build mod_security for vFabric Web Server

Purpose

This article describes the steps required to build the third party module, mod_security, for vFabric Web Server 5.x.

Resolution

Install Prerequisites

If you have not done so already, you'll need to perform the following steps to prepare your environment.

  1. Download vFabric Web Server 5.2, or the latest version at the time of installation, and the development files.  The development files are a separate download on the same page as the vFabric Web Server download. 

  2. Follow the instructions to install vFabric Web Server 5.x and the development files.

       http://pubs.vmware.com/vfabric52/topic/com.vmware.vfabric.web-server.5.2/web-server/install.html

  3. Download mod_security 2.7.1, or the latest version at the time of installation.  Unzip the files.

  4. Download any prerequisite software required by mod_security.  Included with vFabric Web Server are libapr, libapr-util and libpcre, so you do not need to install these libraries.  For a typical installation, you'll need to install libxml2 and libuuid, but additional dependencies may be required depending on the version of mod_security and if you utilize any optional features like the Lua engine or log collector.

Prepare to Build

There are a couple of steps required to set up the build environment.  These steps will ensure that the correct libraries are used to build mod_security.

The first step is to export the environment variables used by vFabric Web Server.  This is done by running the following commands.

    export VFWS=/full/path/to/vfabric-web-server/httpd-2.2
    source $VFWS/bin/envvars

The first command sets an environment variable that contains the full path to our vFabric Web Server's Apache files, and the second command exports the environment variables required by the vFabric Web Server binaries.

The next step is to create a script so that the mod_security build tools can find the version of libpcre that is included with vFabric Web Server.  The Autoconf script that comes with mod_security expects a utility to exist called pcre-config.  While vFabric Web Server does not include this utility, the following steps can be used to create a compatible replacement.

  1. Create the following file: $VFWS/bin/pcre-config

  2. Edit the file and add the following lines.

        #!/bin/sh
        export PKG_CONFIG_PATH="$VFWS/lib/pkgconfig"
        pkg-config "$@" libpcre

  3. Run the following command on the file.

        chmod 755 "$VFWS/bin/pcre-config"

Build and Install

You are now ready to build mod_security.  The following instructions will walk you through the process.

  1. In a terminal, change directories to where you extracted the mod_security files.

  2. Run the configuration (i.e. Autoconf) script, using the options specified below.

        ./configure --with-apxs=$VFWS/bin/apxs --with-apr=$VFWS/bin/apr-1-config --with-apu=$VFWS/bin/apu-1-config --with-pcre=$VFWS/bin/pcre-config

  3. Build and install mod_security.

        make
        make install

After you run the last command, you can confirm that the build and install were successful by looking for the file $VFWS/modules/mod_security2.so.  If this file exists, then it is likely that the module was built and installed successfully.  If it does not exist, check the build output for possible errors.
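
The file check above only shows that something was installed. As an added example (not from the original article), the script below inspects ldd output to confirm that the module resolves libpcre and the APR libraries to the copies under $VFWS rather than system ones; the function names and the sample output are constructed, and libapr-1 and libaprutil-1 are assumed to be the usual APR 1.x library names.

```shell
#!/bin/sh
# Added example, not part of the original article.

# foreign_libs PREFIX LIB...  (reads `ldd` output on stdin)
# Prints each named library that resolves outside PREFIX or is not found.
# Returns 1 if any was printed, 0 otherwise.
foreign_libs() {
    prefix=$1; shift
    awk -v prefix="$prefix" -v names="$*" '
        BEGIN { n = split(names, want, " "); bad = 0 }
        {
            for (i = 1; i <= n; i++) {
                # "libpcre" must match libpcre.so.N, not libpcreposix.so.N
                if (index($1, want[i] ".so") != 1) continue
                if ($3 == "not") { print $1 ": not found"; bad = 1 }
                else if (index($3, prefix "/") != 1) { print $1 ": " $3; bad = 1 }
            }
        }
        END { exit bad }'
}

# check_module VFWS_DIR: run the check against the installed module.
check_module() {
    mod=$1/modules/mod_security2.so
    [ -f "$mod" ] || { echo "missing: $mod" >&2; return 2; }
    ldd "$mod" | foreign_libs "$1" libpcre libapr-1 libaprutil-1
}

# Constructed sample: ldd output for a module that picked up the system PCRE.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffc1a5f2000)
    libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f0a1c200000)
    libxml2.so.2 => /usr/lib/x86_64-linux-gnu/libxml2.so.2 (0x00007f0a1be00000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0a1ba00000)'

if [ -n "${VFWS:-}" ]; then
    check_module "$VFWS"
else
    # No install at hand: run the check on the constructed sample.
    printf '%s\n' "$SAMPLE_LDD" |
        foreign_libs /opt/vmware/vfabric-web-server/httpd-2.2 libpcre || true
fi
```

Run it in the shell where envvars was sourced, because ldd resolves libraries using the current environment.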

Module Activation

The module can be activated by using the following steps.

  1. If you have not done so already, create a new vFabric Web Server instance.  Instructions for doing this can be found at the following link.

    http://pubs.vmware.com/vfabric52/topic/com.vmware.vfabric.web-server.5.2/web-server/instances.html

  2. Edit the main configuration file for your instance, conf/httpd.conf.  Add the following line at the bottom of the section where the other modules are being loaded.

        LoadModule security2_module "/full/path/to/vfws/apache2.2-64/modules/mod_security2.so"

  3. To test the module and its activation, run the following command.

        bin/httpdctl configtest

If the last command succeeds then you have successfully built, installed and activated mod_security.

Additional Information

Tips

  • After installing vFabric Web Server and the vFabric Web Server Development files, make sure that you run the fixrootpath.pl script as indicated in the installation instructions.  If you forget to run this file, you'll see odd errors like the following when trying to build.
    # ./configure --with-apxs=$VFWS/bin/apxs --with-apr=$VFWS/bin/apr-1-config --with-apu=$VFWS/bin/apu-1-config --with-pcre=$VFWS/bin/pcre-config
    checking for a BSD-compatible install... /usr/bin/install -c
    checking whether build environment is sane... yes
    checking for a thread-safe mkdir -p... /bin/mkdir -p
    ....
    Checking plataform... Identified as Linux
    configure: looking for Apache module support via DSO through APXS
    Possible unintended interpolation of @PRODUCT_ROOT in string at /opt/vmware/vfabric-web-server/httpd-2.2/bin/apxs line 28.
    Global symbol "@PRODUCT_ROOT" requires explicit package name at /opt/vmware/vfabric-web-server/httpd-2.2/bin/apxs line 28.
    Execution of /opt/vmware/vfabric-web-server/httpd-2.2/bin/apxs aborted due to compilation errors.
    Possible unintended interpolation of @PRODUCT_ROOT in string at /opt/vmware/vfabric-web-server/httpd-2.2/bin/apxs line 28.
    Global symbol "@PRODUCT_ROOT" requires explicit package name at /opt/vmware/vfabric-web-server/httpd-2.2/bin/apxs line 28.
  • If you are building against vFabric Web Server 5.0.x, you do not need to install a separate package for development files.  The development files are included with the standard installation.

Related Education

Installation instructions for mod_security.

    https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-Installation_for_Apache

©VMware 2013
