Temporary fix for mod_security and XML?

Discussion in 'Security' started by ChadE, Jan 28, 2008.

    ChadE Active Member

    Mar 14, 2005
    I read here:
    that in a future EA3 release, mod_security 2.1.5 will be compiled with XML support. However, I think I may have found a temporary and workable fix in the meantime. I apologize if this is not allowed.

    This is for Apache 2.2.X

    I downloaded mod_security 2.1.5 and recompiled it with libxml2 and the PCRE headers downloaded by EasyApache.
    (This may vary by configuration. You can use locate srclib/pcre to find the correct path)

    Inside "Makefile", change "top_dir" and "INCLUDES" to state the following:
    Make compiled mod_security fine. As per the install instructions, stop Apache, run make install, do a configtest. Alas, Apache is broken. For XML support to work, you need to include:

    LoadFile /usr/lib/

    HOWEVER, doing this above your other LoadModules will break Apache when it loads PHP. To fix this, I commented out LoadModule security2_module modules/, Include "/usr/local/apache/conf/modsec2.conf", and Include "/usr/local/apache/conf/php.conf".

    I placed, in this exact order, the commented lines below "Include /usr/local/apache/conf/php.conf":
    (This may vary by server configuration).

    LoadFile /usr/lib/
    LoadModule security2_module modules/
    Include "/usr/local/apache/conf/modsec2.conf"

    The core rules (with XML) work perfectly after starting Apache, as well as any custom rules you prefer to use. For tidiness, I just copy the core rules into modsec2.user.conf as well as my custom rules, and include them in modsec2.conf.
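
One way to check the directive order described in the post above before restarting Apache, as an added example that is not part of ChadE's post or of cPanel's own tooling. The `.so` file names in the sample configs are constructed placeholders because the post's paths are cut off, and the check assumes the libxml2 `LoadFile` path contains `xml2`.

```python
import re

# Order the post reports as working (the poster's finding for this setup):
# php.conf include -> libxml2 LoadFile -> security2_module -> modsec2.conf include.
PATTERNS = [
    ("php_include", re.compile(r'^Include\s+"?\S*php\.conf"?$', re.I)),
    ("libxml2_loadfile", re.compile(r'^LoadFile\s+\S*xml2\S*$', re.I)),
    ("security2_loadmodule", re.compile(r'^LoadModule\s+security2_module\s+\S+$', re.I)),
    ("modsec2_include", re.compile(r'^Include\s+"?\S*modsec2\.conf"?$', re.I)),
]

# Constructed sample configs; PLACEHOLDER file names are not from the post.
GOOD = '''\
Include "/usr/local/apache/conf/php.conf"
LoadFile /usr/lib/PLACEHOLDER-libxml2.so
LoadModule security2_module modules/PLACEHOLDER-modsec.so
Include "/usr/local/apache/conf/modsec2.conf"
'''
BAD = '''\
LoadFile /usr/lib/PLACEHOLDER-libxml2.so
LoadModule security2_module modules/PLACEHOLDER-modsec.so
Include "/usr/local/apache/conf/modsec2.conf"
# Include "/usr/local/apache/conf/php.conf"
Include "/usr/local/apache/conf/php.conf"
'''

def directive_positions(conf_text):
    """Map each directive name to the line number of its first active copy."""
    found = {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # commented-out copies are ignored
            continue
        for name, pattern in PATTERNS:
            if pattern.match(line):
                # First occurrence wins: an earlier active copy is the one
                # Apache processes first, so it decides the effective order.
                found.setdefault(name, lineno)
    return found

def check_order(conf_text):
    """Return a list of problems; an empty list means the order matches."""
    pos = directive_positions(conf_text)
    problems = [f"missing: {name}" for name, _ in PATTERNS if name not in pos]
    present = [name for name, _ in PATTERNS if name in pos]
    for earlier, later in zip(present, present[1:]):
        if pos[earlier] > pos[later]:
            problems.append(f"{earlier} (line {pos[earlier]}) must come "
                            f"before {later} (line {pos[later]})")
    return problems
```

Pass the contents of the main Apache configuration file to `check_order()`; it only looks at that one file and does not follow `Include` lines.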
