I re-enabled modsecurity, this time with the PCRE JIT.
To do this I had to do the following:
Build the latest version of pcre.
Install it in /usr/local/pcre
Modify the apache startup to use LD_PRELOAD to load the new libpcre.so instead of the standard system one.
I could have overwritten this using ld.so.preload but that’s a system-wide change and I don’t know what else I might break, seeing as most other things will be compiled against the old version.
Finally I had to modify the apache2 binary so that it’s allowed to create code at runtime (we are doing JIT here, after all)
paxctl -cm /usr/lib/apache2/mpm-prefork/apache2
Now it seems to be working fine.
PCRE was compiled like so:
./configure --prefix=/usr/local/pcre --enable-jit --enable-pcre16 --enable-pcre32 --enable-utf --enable-unicode-properties --disable-static
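
One way to confirm the result of the steps above is to audit the running apache2 process's memory map: which libpcre objects it has mapped, and which mappings are writable and executable at once now that paxctl -m has relaxed MPROTECT. This is an added example, not part of the original post; the function names are hypothetical, the library location /usr/local/pcre/lib is assumed from the --prefix, and the sample maps lines are constructed.

```shell
#!/bin/sh
# Added example: audit a process's memory map after an LD_PRELOAD + paxctl -m change.
# Usage: sh audit.sh <pid>   (reads /proc/<pid>/maps; without a pid, uses the sample)

# Constructed sample in /proc/<pid>/maps format; addresses, inodes and versions are made up.
SAMPLE_MAPS='55d0c0a00000-55d0c0a9c000 r-xp 00000000 08:01 131077 /usr/lib/apache2/mpm-prefork/apache2
7f3a10000000-7f3a10010000 rwxp 00000000 00:00 0
7f3a2c400000-7f3a2c46e000 r-xp 00000000 08:01 264001 /usr/local/pcre/lib/libpcre.so.1.2.13
7f3a2c800000-7f3a2c83c000 r-xp 00000000 08:01 262480 /lib/x86_64-linux-gnu/libpcre.so.3.13.1
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]'

# Print the distinct libpcre shared objects named in a maps listing (stdin).
pcre_libs() {
    awk '$6 ~ /\/libpcre[0-9]*\.so/ { print $6 }' | sort -u
}

# Print mappings that are writable and executable at once (stdin = maps listing).
wx_maps() {
    awk '$2 ~ /w/ && $2 ~ /x/ { print $1, $2, ($6 == "" ? "[anon]" : $6) }'
}

# Return 0 only if a libpcre under the given prefix ($1) is mapped (stdin = maps listing).
# The system copy may still be mapped as an ordinary dependency, so presence is checked,
# not exclusivity.
preload_active() {
    pcre_libs | awk -v p="$1/" 'index($0, p) == 1 { f = 1 } END { exit !f }'
}

if [ -n "${1:-}" ]; then maps=$(cat "/proc/$1/maps"); else maps=$SAMPLE_MAPS; fi
echo "libpcre objects mapped:"
printf '%s\n' "$maps" | pcre_libs
echo "writable+executable mappings:"
printf '%s\n' "$maps" | wx_maps
if printf '%s\n' "$maps" | preload_active /usr/local/pcre; then
    echo "preload active: a libpcre under /usr/local/pcre is mapped"
else
    echo "preload NOT active: no libpcre under /usr/local/pcre is mapped"
fi
```

Any writable+executable mapping other than the JIT's own is worth investigating, since the binary is no longer protected against them.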