{"id":49,"date":"2014-02-27T10:25:05","date_gmt":"2014-02-26T21:25:05","guid":{"rendered":"http:\/\/micro.muppetz.com\/blog\/?p=49"},"modified":"2015-01-23T11:45:29","modified_gmt":"2015-01-22T22:45:29","slug":"modsecurity","status":"publish","type":"post","link":"https:\/\/micro.muppetz.com\/blog\/2014\/02\/27\/modsecurity\/","title":{"rendered":"modsecurity"},"content":{"rendered":"<p>I re-enabled modsecurity, this time with the PCRE JIT.<\/p>\n<p>To do this I had to do the following:<\/p>\n<p>Build the latest version of pcre.<br \/>\nInstall it in \/usr\/local\/pcre<\/p>\n<p>Modify the apache startup to use LD_PRELOAD to load the new libpcre.so instead of the standard system one.<br \/>\nI could have overwritten this using ld.so.preload but that&#8217;s a system-wide change and I don&#8217;t know what else I might break, seeing as most other things will be compiled against the old version.<\/p>\n<p>Finally I had to modify the apache2 binary so that it&#8217;s allowed to create code at runtime (we are doing JIT here, after all)<\/p>\n<p>paxctl -cm \/usr\/lib\/apache2\/mpm-prefork\/apache2<\/p>\n<p>Now it seems to be working fine.<\/p>\n<p>PCRE was compiled like so:<\/p>\n<p>.\/configure --prefix=\/usr\/local\/pcre --enable-jit --enable-pcre16 --enable-pcre32 --enable-utf --enable-unicode-properties --disable-static<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I re-enabled modsecurity, this time with the PCRE JIT. To do this I had to do the following: Build the latest version of pcre. Install it in \/usr\/local\/pcre Modify the apache startup to use LD_PRELOAD to load the new libpcre.so instead of the standard system one. 
I could have overwritten this using ld.so.preload but that&#8217;s [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33,18,10],"tags":[49,21,20],"class_list":["post-49","post","type-post","status-publish","format-standard","hentry","category-computers","category-security","category-technical","tag-apache","tag-linux","tag-security"],"_links":{"self":[{"href":"https:\/\/micro.muppetz.com\/blog\/wp-json\/wp\/v2\/posts\/49","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/micro.muppetz.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/micro.muppetz.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/micro.muppetz.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/micro.muppetz.com\/blog\/wp-json\/wp\/v2\/comments?post=49"}],"version-history":[{"count":1,"href":"https:\/\/micro.muppetz.com\/blog\/wp-json\/wp\/v2\/posts\/49\/revisions"}],"predecessor-version":[{"id":50,"href":"https:\/\/micro.muppetz.com\/blog\/wp-json\/wp\/v2\/posts\/49\/revisions\/50"}],"wp:attachment":[{"href":"https:\/\/micro.muppetz.com\/blog\/wp-json\/wp\/v2\/media?parent=49"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/micro.muppetz.com\/blog\/wp-json\/wp\/v2\/categories?post=49"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/micro.muppetz.com\/blog\/wp-json\/wp\/v2\/tags?post=49"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}