Libmodsecurity is the one part of the ModSecurity v3 venture

Libmodsecurity is the one part of the ModSecurity v3 venture

The collection codebase serves as an interface to ModSecurity fittings taking-in web traffic and using old-fashioned ModSecurity handling. Generally, it gives the ability to load/interpret formula written in the ModSecurity SecRules format and apply them to HTTP articles supplied by the job via fittings.

To build this documents, kindly utilize the doxygen energy together with the offered arrangement file, aˆ?doxygen

  • All Apache dependencies have now been got rid of
  • Higher efficiency
  • New features
  • Brand-new design

Libmodsecurity is actually a complete write of the ModSecurity system. If it was created the ModSecurity task begun as just an Apache module. In the long run the project has been lengthened, as a result of popular need, to guide various other programs such as (although not limited by) Nginx and IIS. In order to offer the expanding interest in further platform service, this has became necessary to remove the Apache dependencies fundamental this job, rendering it much more system separate.

As a result of this purpose there is rearchitected Libmodsecurity so that it has stopped being determined by the Apache web servers (both at collection and during runtime). One complication of this would be that across all networks consumers should expect increasing efficiency. Also, there is taken this chance to set the groundwork for many new features that consumers have already been long getting. As an example we are seeking natively assistance auditlogs inside JSON structure, along dating in your 40s with many various other usability in the future versions.

The ‘ModSecurity’ part no further provides the traditional component reason (for Nginx, Apache, and IIS) which has had typically become manufactured all together. Alternatively, this department just contains the library part (libmodsecurity) with this project. This library is ate by what we’ve termed ‘Connectors’ these fittings will program along with your webserver and provide the collection with a standard structure that it recognizes. Every one of these connectors is actually managed as a different GitHub task. Including, the Nginx connector is supplied by ModSecurity-nginx job (

Keeping these connectors split enables each venture to have different production cycles, issues and developing woods. In addition, it indicates that whenever you install ModSecurity v3 you simply get exactly what you may need, no extras you will not be utilizing.

Before starting the compilation process, be sure that you have got all the dependencies positioned. See the subsection aˆ?Dependenciesaˆ? for additional ideas.

Following compilation ensure there are not any issues on your build/platform. We strongly recommend the use of the machine tests and regression tests. These examination utilities are located beneath the subfolder aˆ?tests’.

As a vibrant library, don’t forget that libmodsecurity must be installed to a spot (folder) where you OS will likely be selecting vibrant libraries.

This library is written in C++ utilising the C++11 criteria. What’s more, it utilizes Flex and Yacc to create the aˆ?Sec Rules Languageaˆ? parser. Other, required dependencies integrate YAJL, as ModSecurity utilizes JSON for making logs and its own tests structure, libpcre (not even necessary) for handling standard expressions in SecRules, and libXML2 (not yet mandatory) which is used for parsing XML desires.

All others dependencies are linked to operators given within SecRules or configuration directives and will not be needed for compilation. A short range of these dependencies is really as comes after:

In order to create this paperwork, be sure to use the doxygen energy making use of supplied configuration file, aˆ?doxygen

  • libinjection required the operator and
  • curl becomes necessary for your directive SecRemoteRules.

If those libraries tend to be lost ModSecurity should be put together without the service the user plus the setting directive SecRemoteRules.

The collection documentation is created within code in Doxygen style. cfgaˆ?, operating making use of “doc/” subfolder. This will produce HTML formatted documentation including consumption examples.