Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add PCRE2 support to ModSecurity v2 #2737

Closed
martinhsv opened this issue May 4, 2022 · 4 comments
Closed

Add PCRE2 support to ModSecurity v2 #2737

martinhsv opened this issue May 4, 2022 · 4 comments
Labels
2.x Related to ModSecurity version 2.x

Comments

@martinhsv
Copy link
Contributor

martinhsv commented May 4, 2022
edited
Loading

The legacy PCRE implementation (more recently referred to as PCRE1) is no longer being updated, with v8.45 (from June 2021) expected to be the final version.

Also, Apache HTTP Server recently (as of 2.4.53) changed to support PCRE2.

Given the above, ModSecurity v2.9.x should be updated to support PCRE2 (as has already been done for the ModSecurity v3 branch via #2668 ).
@martinhsv martinhsv added the 2.x Related to ModSecurity version 2.x label May 4, 2022
@dune73
Copy link
Member

dune73 commented May 4, 2022

That would be highly welcome. We are observing the way PCRE1 becomes obsolete and would welcome a shift to PCRE2 for ModSec 2.9.

@jcchavezs jcchavezs mentioned this issue Jul 18, 2022
Open
@vinaykumarlaxman
Copy link

vinaykumarlaxman commented Aug 23, 2022
edited
Loading

The legacy PCRE implementation (more recently referred to as PCRE1) is no longer being updated, with v8.45 (from June 2021) expected to be the final version.

Also, Apache HTTP Server recently (as of 2.4.53) changed to support PCRE2.

Given the above, ModSecurity v2.9.x should be updated to support PCRE2 (as has already been done for the ModSecurity v3 branch via #2668 ).

@martinhsv , Could you give us a tentative date for this undertaking?
Is just merging (f84614f#diff-aa2169b293a3363fc744929dd76991d33aaaec98b880d7502732d5ac138f61fc) to v2 branch enough to add support of PCRE2?

@martinhsv
Copy link
Contributor Author

Hello @vinaykumarlaxman ,

This item is considered to be fairly high priority. However, providing a precise date is not possible. I expect to work on this soon, but all items are potentially subject to higher-priority items arising.

No, it is not a simple matter of merging the v3 changes. For one thing, ModSecurity v3 is written in C++, while ModSecurity v2 is written in C.

@martinhsv
Copy link
Contributor Author

The PCRE2 functionality for ModSecurity v2 with Apache is now available for use.

The configure step by default will still attempt to use the legacy pcre1. If you wish to build with pcre2, you can use

./configure --with-pcre2

Note that implementation work so far includes the main functionality as well as mlogc, but so far not:

  • the optional PCRE2 Jit functionality
  • build infrastructure for ModSecurity for IIS
  • the separate alp2 audit parser lib (Is anybody still using this? It looks obsolete?)

@martinhsv martinhsv mentioned this issue May 29, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2.x Related to ModSecurity version 2.x
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dune73 @martinhsv @vinaykumarlaxman