It seems like mod_security want to use other PCRE?

I'm dealing with this problems a couple of weeks and i can't get it to work.. Still a beginner and learning my way into Linux. I will first show the error, and i will tell what i think is wrong:

I try to make mod_security but i get this error:
__________________________________________>

/usr/lib64/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX =2 -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/include -I/usr/include/apache -I/usr/include/apr-1 -I/usr/include/apache -O2 -g -Wall -DWITH_PCRE _STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 - I/usr/include/apache -I/usr/include/apache -I. -I/usr/local/directadmin/custombuild/httpd-2.2.17/srclib/apr/include -I/usr/local/directadmin/custombuild/httpd-2.2.17/srclib/apr-util/include -I/usr/local/directadmin/custombuild/httpd-2.2.17/ srclib/apr-util/xml/expat/lib -I/usr/local/include -I/usr/include -I/usr/kerberos/include -I/usr/local/include -I/usr/local/include/libxml2 -c -o msc_pcre.lo m sc_pcre.c && touch msc_pcre.slo
msc_pcre.c: In function 'msc_pregcomp_ex':
msc_pcre.c:73: error: invalid application of 'sizeof' to incomplete type 'pcre_extra'
msc_pcre.c:77: error: invalid application of 'sizeof' to incomplete type 'pcre_extra'
msc_pcre.c:98: warning: ignoring #pragma message
msc_pcre.c:119: warning: ignoring #pragma message
apxs:Error: Command failed with rc=65536
.
make: *** [mod_security2.la] Error 1

____________________________________________<

I see it wants to do something in /usr/include/apache .. but that does not exists?

But i guess the problem is this i have 2 pcre installed one with yum install pcre and one with pcre comstumbuild ./build pcre

The yum installed version is:
Package pcre-8.02-1.jason.1.x86_64 already installed and latest version

and the directadmin costumbuild pcre is the on that seems to be running on the server:
-bash-3.2# pcretest -C
PCRE version 8.10 2010-06-25
Compiled with
UTF-8 support
Unicode properties support
Newline sequence is LF
\R matches all Unicode newlines
Internal link size = 2
POSIX malloc threshold = 10
Default match limit = 10000000
Default recursion depth limit = 10000000
Match recursion uses stack




I have found kind of simular threads and i hear them talking about:
"The solution is simply replace the the pcre.h at /usr/local/apache/include
by the new one(8.0.1) at /usr/local/include"
http://web.archiveorange.com/archive/v/eCIWmXHWwviop6FixKTV

I have a CentOS 5.5 64Bit Directadmin + PHP5.3.3

In the beginning i had simular error report as the link above:
#warning This PCRE version does not support match
recursion limits! Upgrade to at least PCRE v6.5.

i think after yum update or yum install pcre this turned in this other error from above.
So i guess it's using the wrong pcre, not the one build with directadmin(and that is running on the server)...

I really don't know what to do?

Arg... nobody with any clue ... or advise?

I'm thinking of totally start from scratch..Give my VPS a clean install.. i'm trying to get this working the couple of days.. it would take less time to configure everything from scratch. (but i don't like to do that.. because it also took me much hours implementing security features) or i forget some security features...

Also i installed a rpm from atomicorp:
wget -q -O - http://www.atomicorp.com/installers/atomic | sh

and if i run yum install mod_security
it says No package mod_security available.

But it has to there?

I have CentOS 5.5 x86_64 with Directadmin

YEs i found something interesting about yum..

in the conf/yum.conf i see that mod_ was excluded!


exclude=apache* httpd* mysql* MySQL* mod_* da_* *ftp* exim* sendmail* php* bind-chroot*

is this done by directadmin?
anyway.. now it still doesn't work because it also wantes to download httpd.. but i think that was their not for nothing so i'm going to find a other rpm and hope that one does not require httpd!

dont touch it.

mr.applesauce said:

dont touch it.

Click to expand...

Yes i will put back the mod_
i did not install it... because of the httpd etc.


Perhaps this is interesting:

-bash-3.2# cd /root/modsecurity-apache_2.5.13
-bash-3.2# cd apache2
-bash-3.2# ./configure
....
checking for libpcre config script... /usr/local/bin/pcre-config
configure: using '-L/usr/local/lib -lpcre' for pcre Library
....

When i browse /usr/local/lib i see no pcre or lpcre what so ever?

I found this in the installer document, not sure yet how to do it yet. But i guess this is what i was looking for.. if i have succes i will report

You want to avoid Apache using the bundled PCRE library and ModSecurity linking against the one provided by the operating system. The easiest way to do this is to compile Apache against the PCRE library provided by the operating system (or you can compile it against the latest PCRE version you downloaded from the main PCRE distribution site). You can do this at configure time using the --with-pcre switch. If you are not in a position to recompile Apache, then, to compile ModSecurity successfully, you'd still need to have access to the bundled PCRE headers (they are available only in the Apache source code) and change the include path for ModSecurity (as you did in step 7 above) to point to them (via the --with-pcre ModSecurity configure option).

Click to expand...

Do i need to rebuild apache after i did a:
./build pcre


Perhaps that could be the problem..

YES YES YES YESSSSSSSSSSSSSSSSSSSSSSSSSSS


I have had troubles with this the last months..

And now i want to ask why this happend?

ok so the solution is simple but i overlooked:

Copy the pcre.h from /usr/include/
TO /usr/include/apache and replace the old pcre.h (always backup)

Now HOW is this possible? and why do i have a apache directory? i mean i though directadmin uses a costumbuild

i also see a old pcreposix.h in the /apache dir should i replace this also!?

Still very strainge.. could it be mod_security scans for directories and thinks i have normal apache installed instead of the directadmin costumbuild.

So should i have this directory? is this normal? I also see more old files in their?