I read here: http://forums.cpanel.net/showthread.php?t=74220&highlight=mod_security+XML that in a future EA3 release, mod_security 2.1.5 will be compiled with XML support. However, I think I may have found a temporary and workable fix in the meantime. I apologize if this is not allowed. This is for Apache 2.2.X I downloaded mod_security 2.1.5 and recompiled it with libxml2 and the PCRE headers downloaded by EasyApache. (This may vary by configuration. You can use locate srclib/pcre to find the correct path) Inside "Makefile", change "top_dir" and "INCLUDES" to state the following: Make compiled mod_security fine. As per the install instructions, stop Apache, run make install, do a configtest. Alas, Apache is broken. For XML support to work, you need to include: LoadFile /usr/lib/libxml2.so HOWEVER, doing this above your other Loadmodules will break Apache when it loads PHP. To fix this, I commented out LoadModule security2_module modules/mod_security2.so, Include "/usr/local/apache/conf/modsec2.conf", and Include "/usr/local/apache/conf/php.conf" I placed, in this exact order, the commented lines below "Include /usr/local/apache/conf/php.conf": (This may vary by server configuration). LoadFile /usr/lib/libxml2.so LoadModule security2_module modules/mod_security2.so Include "/usr/local/apache/conf/modsec2.conf" The core rules (with XML) work perfectly after starting Apache, as well as any custom rules you prefer to use. For tidyness, I just copy the core rules into modsec2.user.conf as well as my custom rules, and include them in modsec2.conf.