diff --git a/.github/workflows/test-ci-windows.yml b/.github/workflows/test-ci-windows.yml index fa27757d33..421a3b3701 100644 --- a/.github/workflows/test-ci-windows.yml +++ b/.github/workflows/test-ci-windows.yml @@ -37,7 +37,7 @@ jobs: echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - name: Setup MSYS2 - uses: msys2/setup-msys2@fb197b72ce45fb24f17bf3f807a388985654d1f2 + uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda #v2.30.0 with: msystem: ${{ matrix.arch == 'x86' && 'MINGW32' || 'UCRT64' }} update: true @@ -100,6 +100,7 @@ jobs: -A $cmakeArch ` -DWITH_LUA=ON ` -DWITH_YAJL=ON ` + -DWITH_PCRE_JIT=ON ` -S IIS -B "iis\build" - name: Build IIS Module @@ -166,29 +167,122 @@ jobs: name: modsecurityiis-installers-${{ matrix.config }} path: ${{ github.workspace }}/ + - name: Install VC++ 2019 Redistributables (Prerequisites) + shell: pwsh + run: | + Write-Host "=== Checking Pre-Existing VC++ Installations ===" + Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | + Where-Object { $_.DisplayName -like "*Visual C++*" -or $_.DisplayName -like "*Microsoft Visual Studio*Runtime*" } | + Select-Object DisplayName, DisplayVersion, PSChildName | + Format-Table -AutoSize + + Write-Host "`n=== Installing Visual C++ 2019 Redistributable (x64) ===" + $vc_x64_url = "https://aka.ms/vs/17/release/vc_redist.x64.exe" + $vc_x64_installer = "${{ github.workspace }}\vc_redist.x64.exe" + Invoke-WebRequest -Uri $vc_x64_url -OutFile $vc_x64_installer + $x64Process = Start-Process -FilePath $vc_x64_installer -ArgumentList "/install", "/quiet", "/norestart" -Wait -PassThru + Write-Host "VC++ x64 installer exit code: $($x64Process.ExitCode)" + # Exit codes: 0 = success, 1638 = already installed (newer version), 3010 = success (reboot required) + if ($x64Process.ExitCode -notin @(0, 1638, 3010)) { + Write-Error "VC++ x64 installation failed with exit code $($x64Process.ExitCode)" + exit 1 + } + + Write-Host "`n=== Installing Visual C++ 2019 Redistributable (x86) ===" + $vc_x86_url = "https://aka.ms/vs/17/release/vc_redist.x86.exe" + $vc_x86_installer = "${{ github.workspace }}\vc_redist.x86.exe" + Invoke-WebRequest -Uri $vc_x86_url -OutFile $vc_x86_installer + $x86Process = Start-Process -FilePath $vc_x86_installer -ArgumentList "/install", "/quiet", "/norestart" -Wait -PassThru + Write-Host "VC++ x86 installer exit code: $($x86Process.ExitCode)" + # Exit codes: 0 = success, 1638 = already installed (newer version), 3010 = success (reboot required) + if ($x86Process.ExitCode -notin @(0, 1638, 3010)) { + Write-Error "VC++ x86 installation failed with exit code $($x86Process.ExitCode)" + exit 1 + } + + Write-Host "VC++ 2019 Redistributables installed successfully" + + # Verify installations + Write-Host "`nVerifying VC++ installations in registry..." + $vc142x64 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" -Name "Installed" -ErrorAction SilentlyContinue).Installed + # On 64-bit Windows, x86 runtime is in WOW6432Node + $vc142x86 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\VisualStudio\14.0\VC\Runtimes\x86" -Name "Installed" -ErrorAction SilentlyContinue).Installed + Write-Host "VC++ 2019 x64 in registry: $vc142x64" + Write-Host "VC++ 2019 x86 in registry: $vc142x86" + + if (-not $vc142x64 -or -not $vc142x86) { + Write-Error "VC++ redistributables not properly registered. x64=$vc142x64, x86=$vc142x86" + exit 1 + } + - name: Install MSI shell: pwsh run: | + Write-Host "=== Pre-Installation Debug Info ===" + + # Check MSI file $msiPath = "${{ github.workspace }}\modsecurityiis.msi" if (-not (Test-Path $msiPath)) { Write-Error "MSI file not found at $msiPath" exit 1 } - - # Install with logging for debugging + Write-Host "MSI file found: $msiPath" + Write-Host "MSI file size: $((Get-Item $msiPath).Length) bytes" + + # Check IIS version + $iisVersion = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\InetStp" -Name "MajorVersion" -ErrorAction SilentlyContinue).MajorVersion + Write-Host "IIS Version: $iisVersion" + + # Check VC++ redistributables + $vc142x64 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" -Name "Installed" -ErrorAction SilentlyContinue).Installed + $vc142x86 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\VisualStudio\14.0\VC\Runtimes\x86" -Name "Installed" -ErrorAction SilentlyContinue).Installed + Write-Host "VC++ 2019 x64 installed: $vc142x64" + Write-Host "VC++ 2019 x86 installed: $vc142x86" + + Write-Host "`n=== Starting MSI Installation ===" + + # Install with verbose logging $installLog = "${{ github.workspace }}\install.log" $installResult = Start-Process -FilePath "msiexec.exe" -ArgumentList @( "/i", "`"$msiPath`"", "/qn", "/norestart", - "/l*", "`"$installLog`"" + "/l*vx", "`"$installLog`"" ) -Wait -PassThru - + + Write-Host "Installation process completed with exit code: $($installResult.ExitCode)" + + # Check if log file was created + if (Test-Path $installLog) { + $logSize = (Get-Item $installLog).Length + Write-Host "Install log created: $installLog ($logSize bytes)" + + } else { + Write-Host "WARNING: Install log was not created at $installLog" + } + if ($installResult.ExitCode -ne 0) { + Write-Host "`n=== Full Installation Log (installation failed) ===" + if (Test-Path $installLog) { + $logSize = (Get-Item $installLog).Length + if ($logSize -gt 0) { + Get-Content $installLog -Raw | Write-Host + } else { + Write-Host "WARNING: Log file is empty!" + } + } + Write-Host "`n=== Installation Failed ===" + Write-Host "Exit code: $($installResult.ExitCode)" + Write-Host "Common MSI error codes:" + Write-Host " 1603 - Fatal error during installation" + Write-Host " 1619 - Package could not be opened" + Write-Host " 1620 - Package could not be opened (corrupt)" + Write-Host " 1633 - Platform not supported" Write-Error "MSI installation failed with exit code $($installResult.ExitCode)" - Get-Content $installLog | Write-Host exit 1 } + + Write-Host "`n=== Installation Successful ===" $installDir = "C:\Program Files\ModSecurity IIS" $requiredFiles = @( @@ -204,13 +298,13 @@ jobs: } } - - name: Install OWASP Core Rules + - name: Install OWASP CRS shell: pwsh run: | - $crsVersion = "v4.18.0" - $crsUrl = "https://github.com/coreruleset/coreruleset/archive/refs/tags/$crsVersion.tar.gz" - $crsDir = "C:\Program Files\ModSecurity IIS\coreruleset" - $modSecurityConfigDir = "C:\Program Files\ModSecurity IIS" + $crsVersion = "4.23.0" + $crsUrl = "https://github.com/coreruleset/coreruleset/archive/refs/tags/v$crsVersion.tar.gz" + $crsDir = 'C:\Program Files\ModSecurity IIS\coreruleset' + $modSecurityConfigDir = 'C:\Program Files\ModSecurity IIS' try { New-Item -ItemType Directory -Path $crsDir -Force @@ -221,8 +315,9 @@ jobs: $newName = $_.Name.Replace(".example", "") Rename-Item -Path $_.FullName -NewName $newName } - + $modSecurityConfigFile = "$modSecurityConfigDir\modsecurity_iis.conf" + $modsecConf = "$modSecurityConfigDir\modsecurity.conf" $crsRules = @( "Include coreruleset/crs-setup.conf", @@ -234,8 +329,7 @@ jobs: Add-Content -Path $modSecurityConfigFile -Value $crsRules - (Get-Content -Path $modSecurityConfigDir\modsecurity.conf) -replace 'SecRuleEngine DetectionOnly', 'SecRuleEngine On' | Set-Content -Path $modSecurityConfigDir\modsecurity.conf - + (Get-Content -Path $modsecConf) -replace 'SecRuleEngine DetectionOnly', 'SecRuleEngine On' | Set-Content -Path $modsecConf } catch { Write-Error "Failed to install OWASP Core Rules: $($_.Exception.Message)" diff --git a/README_WINDOWS.md b/README_WINDOWS.md index dcb7e0db3a..57af1e3c7b 100644 --- a/README_WINDOWS.md +++ b/README_WINDOWS.md @@ -8,37 +8,41 @@ by Tom Donovam, 4/2/2011 Dependency | Tested with | Note ----|------|---- -Microsoft Visual Studio C++ | Visual Studio 2013 (aka VC12) | -[CMake build system](http://www.cmake.org/) | CMake v3.8.2 | -[Apache 2.4.x](http://httpd.apache.org/) | Apache 2.4.27 | Apache must be built from source using the same Visual Studio compiler as mod_security. -[PCRE, Perl Compatible Regular Expression library](http://www.pcre.org/) | PCRE v8.40 -[LibXML2](http://xmlsoft.org/) | LibXML2 v2.9.4 | -[Lua Scripting Language](http://www.lua.org/) | Lua v5.3.4 -[cURL multiprotocol file transfer library](http://curl.haxx.se/) | cURL v7.54.0 +Microsoft Visual Studio C++ | Visual Studio 2019 (aka VS16) | +[CMake build system](http://www.cmake.org/) | CMake v4.2.3 | +[Apache 2.4.x](http://httpd.apache.org/) | Apache 2.4.66 | Apache must be built from source using the same Visual Studio compiler as mod_security. +[PCRE2, Perl Compatible Regular Expression library](https://www.pcre.org/) | PCRE2 v10.47 | ModSecurity v2 now uses PCRE2 by default (not legacy PCRE) +[LibXML2](http://xmlsoft.org/) | LibXML2 v2.15.1 | +[Lua Scripting Language](http://www.lua.org/) | Lua v5.4.8 +[cURL multiprotocol file transfer library](http://curl.haxx.se/) | cURL v8.18.0 +[zlib compression library](https://zlib.net/) | zlib v1.3.1 ## Before building -The directory where you build software from source ( ``C:\work`` in this exmaple) -must contain the Apache source you used to build the Apache web serverand the mod_security source +The directory where you build software from source ( ``C:\work`` in this example) +must contain the Apache source you used to build the Apache web server and the mod_security source - Apache source is in C:\work\httpd-2.4.27 in this example. - Apache has been installed to C:\Apache2427 in this example. + Apache source is in C:\work\httpd-2.4.66 in this example. + Apache has been installed to C:\Apache2466 in this example. Mod_security source is in C:\work\mod_security in this example. ## Download and untar the prerequisite library sources: - Download pcre-8.40.tar.gz from ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ - untar it into C:\work\ creating C:\work\pcre-8.40 + Download pcre2-10.47.zip from https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.47/ + unzip it into C:\work\ creating C:\work\pcre2-10.47 - Download libxml2-2.9.4.tar.gz from ftp://xmlsoft.org/libxml2/ - untar it into C:\work\ creating C:\work\libxml2-2.9.4 + Download libxml2-2.15.1.tar.gz from https://download.gnome.org/sources/libxml2/2.15/ + untar it into C:\work\ creating C:\work\libxml2-2.15.1 - Download lua-5.3.4.tar.gz from http://www.lua.org/ftp/ - untar it into C:\work\ creating C:\work\lua-5.3.4 + Download lua-5.4.8.tar.gz from http://www.lua.org/ftp/ + untar it into C:\work\ creating C:\work\lua-5.4.8 - Download curl-7.54.0.tar.gz from http://curl.haxx.se/download.html - untar it into C:\work\ creating C:\work\curl-7.54.0 + Download curl-8.18.0.zip from https://curl.se/download/ + unzip it into C:\work\ creating C:\work\curl-8.18.0 + + Download zlib-1.3.1.tar.gz from https://github.com/madler/zlib/releases/download/v1.3.1/ + untar it into C:\work\ creating C:\work\zlib-1.3.1 ## Setup your build environment: @@ -49,7 +53,7 @@ must contain the Apache source you used to build the Apache web serverand the mo 3. Set an environment variable to the Apache source code directory: ``` - SET HTTPD_BUILD=C:\work\httpd-2.4.27 + SET HTTPD_BUILD=C:\work\httpd-2.4.66 ``` ### Optional: @@ -71,54 +75,58 @@ If OpenSSL and zlib support were included when you built Apache 2.4, and you wan ## Build -### PCRE-8.40 +### PCRE2-10.47 - CD C:\work\pcre-8.40 - CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True + CD C:\work\pcre2-10.47 + CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True -DPCRE2_BUILD_PCRE2_8=ON -DPCRE2_SUPPORT_JIT=ON NMAKE -### LibXML2-2.9.4 +Note: PCRE2 with JIT support provides better performance and fixes stack overflow issues present in older PCRE versions. + +### LibXML2-2.15.1 - CD C:\work\libxml2-2.9.4\win32 + CD C:\work\libxml2-2.15.1\win32 CSCRIPT configure.js iconv=no vcmanifest=yes zlib=yes NMAKE -f Makefile.msvc -### Lua-5.3.4 +### Lua-5.4.8 - CD C:\work\lua-5.3.4\src + CD C:\work\lua-5.4.8\src CL /Ox /arch:SSE2 /GF /GL /Gy /FD /EHsc /MD /Zi /TC /wd4005 /D "_MBCS" /D "LUA_CORE" /D "LUA_BUILD_AS_DLL" /D "_CRT_SECURE_NO_WARNINGS" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_WIN32" /D "_WINDLL" /c *.c DEL lua.obj luac.obj - LINK /DLL /LTCG /DEBUG /OUT:lua5.1.dll *.obj - IF EXIST lua5.1.dll.manifest MT -manifest lua5.1.dll.manifest -outputresource:lua5.1.dll;2 + LINK /DLL /LTCG /DEBUG /OUT:lua54.dll *.obj + IF EXIST lua54.dll.manifest MT -manifest lua54.dll.manifest -outputresource:lua54.dll;2 -### cURL-7.54.0 +### cURL-8.18.0 - CD C:\work\curl-7.54.0 - CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True -DCURL_ZLIB=True - NMAKE + CD C:\work\curl-8.18.0\winbuild + SET ARCH=x64 + NMAKE /f Makefile.vc mode=dll ENABLE_WINSSL=yes MACHINE=%ARCH% WITH_ZLIB=dll ### ModSecurity-2.9.x CD C:\work\mod_security\apache2 - NMAKE -f Makefile.win APACHE=C:\Apache2427 PCRE=C:\work\pcre-8.40 LIBXML2=C:\work\libxml2-2.9.4 LUA=C:\work\lua-5.3.4\src + NMAKE -f Makefile.win APACHE=C:\Apache2466 PCRE=C:\work\pcre2-10.47 LIBXML2=C:\work\libxml2-2.15.1 LUA=C:\work\lua-5.4.8\src CURL=C:\work\curl-8.18.0 ## Install ModSecurity and run Apache -Copy these five files to ``C:\Apache2427\bin``: +Copy these files to ``C:\Apache2466\bin``: - C:\work\pcre-8.40\pcre.dll C:\Apache2427\bin\ - C:\work\lua-5.3.4\src\lua5.1.dll C:\Apache2427\bin\ - C:\work\libxml2-2.9.4\win32\bin.msvc\libxml2.dll C:\Apache2427\bin\ - C:\work\curl-7.54.0\libcurl.dll C:\Apache2427\bin\ - C:\work\mod_security\apache2\mlogc-src\mlogc.exe + C:\work\pcre2-10.47\pcre2-8.dll C:\Apache2466\bin\ + C:\work\lua-5.4.8\src\lua54.dll C:\Apache2466\bin\ + C:\work\libxml2-2.15.1\win32\bin.msvc\libxml2.dll C:\Apache2466\bin\ + C:\work\curl-8.18.0\builds\libcurl-vc-x64-release-dll-zlib-dll-ipv6-sspi-schannel-obj-lib\libcurl.dll C:\Apache2466\bin\ + C:\work\mod_security\apache2\mlogc-src\mlogc.exe C:\Apache2466\bin\ -Copy this one file to ``C:\Apache2427\modules``: +Copy this one file to ``C:\Apache2466\modules``: C:\work\mod_security\apache2\mod_security2.so -You may also copy ``C:\work\curl-7.54.0\curl.exe`` to ``C:\Apache2427\bin``, if you want to use the cURL command-line program. +You may also copy ``C:\work\curl-8.18.0\curl.exe`` to ``C:\Apache2466\bin``, if you want to use the cURL command-line program. + +Download OWASP CRS from https://github.com/coreruleset/coreruleset/releases/latest and unzip it into ``C:\Apache2466\conf\owasp_crs`` -Download the core rules from http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/ and unzip them into ``C:\Apache2427\conf\modsecurity_crs`` +For example, download ``coreruleset-4.x.x.zip``, extract it, and rename the extracted directory to ``owasp_crs``. Add configuration directives to your Apache conf\httpd.conf: @@ -130,10 +138,11 @@ Add configuration directives to your Apache conf\httpd.conf: SecRuleEngine On SecDataDir logs - Include conf/modsecurity_crs/*.conf - Include conf/modsecurity_crs/base_rules/*.conf + # Include OWASP CRS configuration + Include conf/owasp_crs/crs-setup.conf + Include conf/owasp_crs/rules/*.conf SecAuditEngine RelevantOnly - SecAuditLogRelevantStatus "^(?:5|4\d[^4])" + SecAuditLogRelevantStatus "^(?:5|4(?!04))" SecAuditLogType Serial SecAuditLogParts ABCDEFGHZ SecAuditLog logs/modsecurity.log @@ -144,17 +153,17 @@ Add configuration directives to your Apache conf\httpd.conf: Edit the top of ``C:\work\mod_security\apache2\mlogc-src\Makefile.win`` and set your local paths # Path to Apache httpd installation - BASE = C:\Apache2427 + BASE = C:\Apache2466 # Paths to required libraries - PCRE = C:\work\pcre-8.40 - CURL = C:\work\curl-7.54.0 + PCRE = C:\work\pcre2-10.47 + CURL = C:\work\curl-8.18.0 # Linking libraries LIBS = $(BASE)\lib\libapr-1.lib \ $(BASE)\lib\libaprutil-1.lib \ - $(PCRE)\pcre.lib \ - $(CURL)\libcurl_imp.lib \ + $(PCRE)\pcre2-8.lib \ + $(CURL)\libcurl.lib \ wsock32.lib Build the ``mlogc.exe`` program: @@ -162,16 +171,16 @@ Build the ``mlogc.exe`` program: CD C:\work\mod_security_trunk\mlogc NMAKE -f Makefile.win -Copy ``mlocg.exe`` to ``C:\Apache2427\bin\`` +Copy ``mlogc.exe`` to ``C:\Apache2466\bin\`` -Create a new command file ``C:\Apache2427\bin\mlogc.bat`` with one line: +Create a new command file ``C:\Apache2466\bin\mlogc.bat`` with one line: - C:\Apache2427\bin\mlogc.exe C:\Apache2427\conf\mlogc.conf + C:\Apache2466\bin\mlogc.exe C:\Apache2466\conf\mlogc.conf -Create a new configuration file ``C:\Apache2427\conf\mlogc.conf`` to control the piped-logging program ``mlogc.exe``. +Create a new configuration file ``C:\Apache2466\conf\mlogc.conf`` to control the piped-logging program ``mlogc.exe``. Here is an example ``conf\mlogc.conf``: - CollectorRoot "C:/Apache2427/logs" + CollectorRoot "C:/Apache2466/logs" ConsoleURI "https://localhost:8888/rpc/auditLogReceiver" SensorUsername "test" SensorPassword "testtest" @@ -191,4 +200,4 @@ Here is an example ``conf\mlogc.conf``: Change the SecAuditLog directive in ``conf\httpd.conf`` to pipe the log data to mlogc instead of writing them to a file: - SecAuditLog |C:/Apache2427/bin/mlogc.bat + SecAuditLog |C:/Apache2466/bin/mlogc.bat diff --git a/apache2/Makefile.win b/apache2/Makefile.win index ed4bfc9ed2..36c3cb21ab 100644 --- a/apache2/Makefile.win +++ b/apache2/Makefile.win @@ -1,6 +1,7 @@ ########################################################################### # -# Usage: NMAKE -f Makefile.win APACHE={httpd installion dir} PCRE={pcre dir} LIBXML2={LibXML2 dir} [ LUA={Lua dir} ] +# Usage: NMAKE -f Makefile.win APACHE={httpd installation dir} PCRE={pcre2 dir} LIBXML2={LibXML2 dir} [ LUA={Lua dir} ] +# Note: ModSecurity v2 uses PCRE2 by default (not legacy PCRE). Set PCRE to your pcre2 build directory. # !IF "$(APACHE)" == "" || "$(PCRE)" == "" || "$(LIBXML2)" == "" || "$(CURL)" == "" !ERROR NMAKE arguments: APACHE=dir PCRE=dir LIBXML2=dir CURL=dir are required to build mod_security2 for Windows @@ -10,8 +11,8 @@ LIBS = $(APACHE)\lib\libhttpd.lib \ $(APACHE)\lib\libapr-1.lib \ $(APACHE)\lib\libaprutil-1.lib \ - $(PCRE)\pcre.lib \ - $(CURL)\libcurl.lib \ + $(PCRE)\pcre2-8.lib \ + $(CURL)\libcurl.lib \ $(LIBXML2)\win32\bin.msvc\libxml2.lib \ Ws2_32.lib \ "iphlpapi.lib" @@ -19,16 +20,16 @@ LIBS = $(APACHE)\lib\libhttpd.lib \ ########################################################################### ########################################################################### - -!IF "$(IIS_BUILD)" == "yes" -DEFS=$(DEFS) -DVERSION_IIS -!ENDIF - + +!IF "$(IIS_BUILD)" == "yes" +DEFS=$(DEFS) -DVERSION_IIS +!ENDIF + CC = CL MT = mt -DEFS = /nologo /O2 /LD /W3 /wd4244 /wd4018 -DWIN32 -DWINNT -Dinline=APR_INLINE -D$(VERSION) +DEFS = /nologo /O2 /LD /W3 /wd4244 /wd4018 -DWITH_PCRE_JIT -DWIN32 -DWINNT -Dinline=APR_INLINE -D$(VERSION) DLL = mod_security2.so @@ -37,13 +38,13 @@ INCLUDES = -I. -I.. \ -I$(PCRE)\include -I$(PCRE) \ -I$(LIBXML2)\include \ -I$(APACHE)\include - -# Enables support for SecRemoteRules and external resources. -DEFS=$(DEFS) -DWITH_CURL -DWITH_REMOTE_RULES + +# Enables support for SecRemoteRules and external resources. +DEFS=$(DEFS) -DWITH_CURL -DWITH_REMOTE_RULES # Lua is optional !IF "$(LUA)" != "" -LIBS = $(LIBS) $(LUA)\lua5.1.lib +LIBS = $(LIBS) $(LUA)\lua54.lib DEFS=$(DEFS) -DWITH_LUA INCLUDES = $(INCLUDES) -I$(LUA)\include -I$(LUA) \ !ENDIF @@ -65,8 +66,8 @@ OBJS = mod_security2.obj apache2_config.obj apache2_io.obj apache2_util.obj \ msc_parsers.obj msc_util.obj msc_pcre.obj persist_dbm.obj \ msc_reqbody.obj msc_geo.obj msc_gsb.obj msc_crypt.obj msc_tree.obj msc_unicode.obj acmp.obj msc_lua.obj \ msc_release.obj \ - msc_status_engine.obj \ - msc_remote_rules.obj \ + msc_status_engine.obj \ + msc_remote_rules.obj \ msc_json.obj \ libinjection/libinjection_html5.obj \ libinjection/libinjection_sqli.obj \ diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index 2894717031..10c91e6682 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h @@ -126,6 +126,22 @@ typedef struct msc_parm msc_parm; #ifdef WIN32 #include +/* Use ISO C++ conformant names for POSIX functions on Windows */ +#ifdef _MSC_VER +/* Only define if not already defined by APR or other headers */ +#ifndef strcasecmp +#define strcasecmp _stricmp +#endif +#ifndef strncasecmp +#define strncasecmp _strnicmp +#endif +#ifndef chdir +#define chdir _chdir +#endif +/* Disable warnings about "unsafe" CRT functions (getenv, strcpy, etc.) */ +/* These functions are safe in ModSecurity's usage and required for portability */ +#pragma warning(disable: 4996) +#endif #else #include #include diff --git a/iis/CMakeLists.txt b/iis/CMakeLists.txt index fe5e1d0f51..fb800f2d99 100644 --- a/iis/CMakeLists.txt +++ b/iis/CMakeLists.txt @@ -166,6 +166,11 @@ target_compile_definitions(${IIS_MODULE_NAME} PRIVATE ${MODSECURITY_VERSION_FLAG} ) +option(WITH_PCRE_JIT "Enable PCRE2 JIT support" OFF) +if(WITH_PCRE_JIT) + target_compile_definitions(${IIS_MODULE_NAME} PRIVATE WITH_PCRE_JIT) +endif() + option(WITH_LUA "Enable Lua support" OFF) if(WITH_LUA) find_package(Lua CONFIG REQUIRED) diff --git a/iis/Makefile.win b/iis/Makefile.win index 04df4fb430..d79f3a01f0 100644 --- a/iis/Makefile.win +++ b/iis/Makefile.win @@ -1,6 +1,7 @@ ########################################################################### # -# Usage: NMAKE -f Makefile.win APACHE={httpd installion dir} PCRE={pcre dir} LIBXML2={LibXML2 dir} [ LUA={Lua dir} ] +# Usage: NMAKE -f Makefile.win APACHE={httpd installation dir} PCRE={pcre2 dir} LIBXML2={LibXML2 dir} [ LUA={Lua dir} ] +# Note: ModSecurity v2 uses PCRE2 by default (not legacy PCRE). Set PCRE to your pcre2 build directory. # !IF "$(APACHE)" == "" || "$(PCRE)" == "" || "$(LIBXML2)" == "" || "$(CURL)" == "" !ERROR NMAKE arguments: APACHE=dir PCRE=dir LIBXML2=dir CURL=dir are required to build mod_security2 for Windows @@ -9,7 +10,7 @@ # Linking libraries LIBS = $(APACHE)\lib\libapr-1.lib \ $(APACHE)\lib\libaprutil-1.lib \ - $(PCRE)\pcre.lib \ + $(PCRE)\pcre2-8.lib \ $(CURL)\libcurl.lib \ $(LIBXML2)\win32\bin.msvc\libxml2.lib \ "kernel32.lib" "user32.lib" "gdi32.lib" "winspool.lib" "comdlg32.lib" "advapi32.lib" "shell32.lib" "ole32.lib" \ @@ -24,7 +25,7 @@ LINK = link.exe MT = mt -DEFS = /nologo /O2 /LD /W3 /wd4244 /wd4018 -DWITH_YAJL -DWIN32 -DWINNT -Dinline=APR_INLINE -DAP_DECLARE_STATIC -D_MBCS -D$(VERSION) +DEFS = /nologo /O2 /LD /W3 /wd4244 /wd4018 -DWITH_YAJL -DWITH_PCRE_JIT -DWIN32 -DWINNT -Dinline=APR_INLINE -DAP_DECLARE_STATIC -D_MBCS -D$(VERSION) DLL = ModSecurityIIS.dll @@ -43,7 +44,7 @@ DEFS=$(DEFS) -DWITH_CURL -DWITH_REMOTE_RULES -DMSC_LARGE_STREAM_INPUT # -I$(SSDEEP) \ # Lua is optional !IF "$(LUA)" != "" -LIBS = $(LIBS) $(LUA)\lua5.1.lib +LIBS = $(LIBS) $(LUA)\lua54.lib DEFS=$(DEFS) -DWITH_LUA INCLUDES = $(INCLUDES) -I$(LUA)\include -I$(LUA) \ !ENDIF diff --git a/iis/build_dependencies.bat b/iis/build_dependencies.bat index e131cd15cd..51698ed87f 100755 --- a/iis/build_dependencies.bat +++ b/iis/build_dependencies.bat @@ -7,15 +7,15 @@ @set SOURCE_DIR=%USERPROFILE%\Downloads :: Dependencies -@set CMAKE=cmake-3.12.4-win32-x86.zip -@set PCRE=pcre-8.45.zip -@set ZLIB=zlib-1.2.12.tar.gz -@set LIBXML2=libxml2-2.9.14.tar.gz -@set LUA=lua-5.3.6.tar.gz -@set CURL=curl-7.83.1.zip -@set APACHE_SRC=httpd-2.4.54.tar.gz -@set APACHE_BIN32=httpd-2.4.54-win32-VS16.zip -@set APACHE_BIN64=httpd-2.4.54-win64-VS16.zip +@set CMAKE=cmake-4.2.3-windows-x86_64.zip +@set PCRE=pcre2-10.47.zip +@set ZLIB=zlib-1.3.1.tar.gz +@set LIBXML2=libxml2-2.15.1.tar.gz +@set LUA=lua-5.4.8.tar.gz +@set CURL=curl-8.18.0.zip +@set APACHE_SRC=httpd-2.4.66.tar.gz +@set APACHE_BIN32=httpd-2.4.66-win32-VS16.zip +@set APACHE_BIN64=httpd-2.4.66-win64-VS16.zip @set YAJL=yajl-2.1.0.zip @set SSDEEP=ssdeep-2.14.1.tar.gz @set SSDEEP_BIN=ssdeep-2.14.1.zip diff --git a/iis/build_modsecurity.bat b/iis/build_modsecurity.bat index 4ee8348f56..88615e63bb 100644 --- a/iis/build_modsecurity.bat +++ b/iis/build_modsecurity.bat @@ -15,21 +15,21 @@ set CURRENT_DIR=%cd% cd ..\apache2 del *.obj *.dll *.lib del libinjection\*.obj libinjection\*.dll libinjection\*.lib -NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.1.0 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep CURL=..\iis\%DEPENDENCIES_DIR%\curl IIS_BUILD=yes +NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre2 LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.1.0 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep CURL=..\iis\%DEPENDENCIES_DIR%\curl IIS_BUILD=yes @if NOT (%ERRORLEVEL%) == (0) goto build_failed @echo mlogc... cd ..\mlogc del *.obj *.dll *.lib nmake -f Makefile.win clean -nmake -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre CURL=..\iis\%DEPENDENCIES_DIR%\curl YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.1.0 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep VERSION=VERSION_IIS +nmake -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre2 CURL=..\iis\%DEPENDENCIES_DIR%\curl YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.1.0 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep VERSION=VERSION_IIS @if NOT (%ERRORLEVEL%) == (0) goto build_failed @echo iis... cd ..\iis del *.obj *.dll *.lib nmake -f Makefile.win clean -NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.1.0 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep CURL=..\iis\%DEPENDENCIES_DIR%\curl +NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre2 LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.1.0 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep CURL=..\iis\%DEPENDENCIES_DIR%\curl @if NOT (%ERRORLEVEL%) == (0) goto build_failed cd %CURRENT_DIR% diff --git a/iis/build_release.bat b/iis/build_release.bat index c1d8e85eeb..9dc7b26c28 100755 --- a/iis/build_release.bat +++ b/iis/build_release.bat @@ -29,10 +29,10 @@ copy "%OUTPUT_DIR%\libapriconv-1.dll" "%AMD64%" copy "%OUTPUT_DIR%\libaprutil-1.dll" "%AMD64%" copy "%OUTPUT_DIR%\libcurl.dll" "%AMD64%" copy "%OUTPUT_DIR%\libxml2.dll" "%AMD64%" -copy "%OUTPUT_DIR%\lua5.1.dll" "%AMD64%" +copy "%OUTPUT_DIR%\lua54.dll" "%AMD64%" copy "%OUTPUT_DIR%\mlogc.exe" "%AMD64%" copy "%OUTPUT_DIR%\ModSecurityIIS.dll" "%AMD64%" -copy "%OUTPUT_DIR%\pcre.dll" "%AMD64%" +copy "%OUTPUT_DIR%\pcre2-8.dll" "%AMD64%" copy "%OUTPUT_DIR%\zlib1.dll" "%AMD64%" copy "%OUTPUT_DIR%\yajl.dll" "%AMD64%" copy "%OUTPUT_DIR%\fuzzy.dll" "%AMD64%" @@ -48,10 +48,10 @@ copy "%OUTPUT_DIR%\libapriconv-1.dll" "%X86%" copy "%OUTPUT_DIR%\libaprutil-1.dll" "%X86%" copy "%OUTPUT_DIR%\libcurl.dll" "%X86%" copy "%OUTPUT_DIR%\libxml2.dll" "%X86%" -copy "%OUTPUT_DIR%\lua5.1.dll" "%X86%" +copy "%OUTPUT_DIR%\lua54.dll" "%X86%" copy "%OUTPUT_DIR%\mlogc.exe" "%X86%" copy "%OUTPUT_DIR%\ModSecurityIIS.dll" "%X86%" -copy "%OUTPUT_DIR%\pcre.dll" "%X86%" +copy "%OUTPUT_DIR%\pcre2-8.dll" "%X86%" copy "%OUTPUT_DIR%\zlib1.dll" "%X86%" copy "%OUTPUT_DIR%\yajl.dll" "%X86%" copy "%OUTPUT_DIR%\fuzzy.dll" "%X86%" diff --git a/iis/dependencies/build_lua.bat b/iis/dependencies/build_lua.bat index dda0e4d048..374a30787c 100644 --- a/iis/dependencies/build_lua.bat +++ b/iis/dependencies/build_lua.bat @@ -6,23 +6,23 @@ cd "%WORK_DIR%" set LUA_DIR=%LUA:~0,-7% -move "%LUA_DIR%" "lua" +move "%LUA_DIR%" "lua" -cd "lua\src" +cd "lua\src" CL /Ox /arch:SSE2 /GF /GL /Gy /FD /EHsc /MD /Zi /TC /wd4005 /D "_MBCS" /D "LUA_CORE" /D "LUA_BUILD_AS_DLL" /D "_CRT_SECURE_NO_WARNINGS" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_WIN32" /D "_WINDLL" /c *.c @if NOT (%ERRORLEVEL%) == (0) goto build_failed DEL lua.obj luac.obj -LINK /DLL /LTCG /DEBUG /OUT:lua5.1.dll *.obj +LINK /DLL /LTCG /DEBUG /OUT:lua54.dll *.obj @if NOT (%ERRORLEVEL%) == (0) goto build_failed -IF EXIST lua5.1.dll.manifest MT -manifest lua5.1.dll.manifest -outputresource:lua5.1.dll;2 +IF EXIST lua54.dll.manifest MT -manifest lua54.dll.manifest -outputresource:lua54.dll;2 @if NOT (%ERRORLEVEL%) == (0) goto build_failed cd "%WORK_DIR%" -copy /y "%WORK_DIR%\lua\src\lua5.1.dll" "%OUTPUT_DIR%" -copy /y "%WORK_DIR%\lua\src\lua5.1.pdb" "%OUTPUT_DIR%" -copy /y "%WORK_DIR%\lua\src\lua5.1.lib" "%OUTPUT_DIR%" +copy /y "%WORK_DIR%\lua\src\lua54.dll" "%OUTPUT_DIR%" +copy /y "%WORK_DIR%\lua\src\lua54.pdb" "%OUTPUT_DIR%" +copy /y "%WORK_DIR%\lua\src\lua54.lib" "%OUTPUT_DIR%" @exit /B 0 diff --git a/iis/dependencies/build_pcre.bat b/iis/dependencies/build_pcre.bat index d2cbcce0f9..0f98a9f1f5 100644 --- a/iis/dependencies/build_pcre.bat +++ b/iis/dependencies/build_pcre.bat @@ -2,35 +2,28 @@ cd "%WORK_DIR%" -@if NOT EXIST "%SOURCE_DIR%\%APACHE_BIN%" goto file_not_found_bin +@if NOT EXIST "%SOURCE_DIR%\%PCRE%" goto file_not_found_bin 7z.exe x "%SOURCE_DIR%\%PCRE%" set PCRE_DIR=%PCRE:~0,-4% -move "%PCRE_DIR%" "pcre" +move "%PCRE_DIR%" "pcre2" -@if "%PCRE_DIR%" == "pcre-8.40" ( - Echo. && Echo "PCRE 8.40 found... trying to patch it to compile cleanly" - ::cscript /B /Nologo ../patch-pcre-8.40.vbs - cd "pcre" - cat CMakeLists.txt | sed "s/PCRE_STATIC_RUNTIME OFF CACHE BOOL/PCRE_STATIC_RUNTIME/g" > CMakeLists.txt.ops - move CMakeLists.txt CMakeLists.txt.old - move CMakeLists.txt.ops CMakeLists.txt - cd .. -) - -cd "pcre" -CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True +cd "pcre2" +@echo Building PCRE2 with JIT support... +CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True -DPCRE2_BUILD_PCRE2_8=ON -DPCRE2_SUPPORT_JIT=ON @if NOT (%ERRORLEVEL%) == (0) goto build_failed NMAKE @if NOT (%ERRORLEVEL%) == (0) goto build_failed cd "%WORK%" -copy /y "%WORK_DIR%\pcre\pcre.dll" "%OUTPUT_DIR%" -copy /y "%WORK_DIR%\pcre\pcre.pdb" "%OUTPUT_DIR%" -copy /y "%WORK_DIR%\pcre\pcre.lib" "%OUTPUT_DIR%" -copy /y "%WORK_DIR%\pcre\pcre.h.generic" "%WORK_DIR%\pcre\pcre.h" -echo "a" +copy /y "%WORK_DIR%\pcre2\pcre2-8.dll" "%OUTPUT_DIR%" +copy /y "%WORK_DIR%\pcre2\pcre2-8.pdb" "%OUTPUT_DIR%" +copy /y "%WORK_DIR%\pcre2\pcre2-8.lib" "%OUTPUT_DIR%" +@if not exist "%WORK_DIR%\pcre2\include" mkdir "%WORK_DIR%\pcre2\include" +xcopy /y "%WORK_DIR%\pcre2\src\pcre2*.h" "%WORK_DIR%\pcre2\include\" >nul 2>&1 +copy /y "%WORK_DIR%\pcre2\pcre2.h" "%WORK_DIR%\pcre2\include\" >nul 2>&1 +@echo PCRE2 build and deployment completed successfully. @exit /B 0 :file_not_found_bin diff --git a/iis/dependencies/howto.txt b/iis/dependencies/howto.txt index 830851f95a..1321d1a613 100644 --- a/iis/dependencies/howto.txt +++ b/iis/dependencies/howto.txt @@ -5,48 +5,127 @@ So the build process was refactored to make it easier for users to create their * build_msi.bat -> Creates the MSI self-installer for easy deploy / removal / distribution * build_dependencies.bat -> Sets (and downloads if needed) all required dependencies -* build_modsecurity.bat -> Builds ModSecurity (requires all depenedencies being set) +* build_modsecurity.bat -> Builds ModSecurity (requires all dependencies being set) * download_files.bat -> Downloads all required dependencies to the default Downloads folder ** This script is disabled by default. If you want to enable it, uncomment the "@call download_files.bat" line on build_dependencies.bat -The dependencies folder also includes a set o batch scripts which sets each dependency +The dependencies folder also includes a set of batch scripts which sets each dependency on its own. These scripts are called by the build_dependencies.bat script. -Using the same versions of libraries as listed below is recommended. +Using the same versions of libraries as listed below is recommended. -------------------------------------- Compilation Prerequisites: -* Windows 7 x86_x64 (Should work on newer versions of Windows too) -* Vistual Studio 2013 Express (Other versions should work, but you need to set the correct path for vcvars.bat scripts) -* IIS enabled/installed -* 7-Zip +* Windows 10/11 or Windows Server 2016+ (64-bit recommended) +* Visual Studio 2019 or 2022 with C++ development tools + - Desktop development with C++ + - Windows 10/11 SDK + - MSVC v142 (VS2019) or v143 (VS2022) build tools + - C++ ATL for latest build tools +* IIS 7.0 or later enabled/installed +* 7-Zip (for dependency extraction) +* WiX Toolset 3.x (for building MSI installer) + +-------------------------------------- + +Runtime Prerequisites (for installer deployment): + +* Microsoft Visual C++ 2019 Redistributable (x64): https://aka.ms/vs/17/release/vc_redist.x64.exe +* Microsoft Visual C++ 2019 Redistributable (x86): https://aka.ms/vs/17/release/vc_redist.x86.exe + - Both x64 and x86 are required on 64-bit systems for 32-bit application pool support + - The MSI installer will check for these prerequisites and provide download links if missing + +Note: The installer now uses redistributable packages instead of merge modules, +following Microsoft's recommended deployment practices. This allows Windows Update +to automatically patch security vulnerabilities in the Visual C++ runtime. -------------------------------------- The latest versions of ModSecurity dependencies known to work well are the following: -cmake-3.8.2-win32-x86 -pcre-8.40 (patch required and included on file "patch-pcre-8.40.vbs") -zlib-1.2.11 -libxml2-2.9.4 -lua-5.3.4 -curl-7.54.1 -httpd-2.4.27 (bin-VC11) +cmake-3.8.2-win32-x86 (or later) +pcre2-10.x (PCRE2 is now the default, PCRE 8.x is deprecated) + - Note: PCRE2 provides better performance and is actively maintained +zlib-1.2.11 (or later) +libxml2-2.9.4 (or later) +lua-5.3.4 (or later) +curl-7.54.1 (or later) +httpd-2.4.27 (bin-VC15 or later for VS2019/2022) yajl-2.1.0 -ssdeep-2.13 +ssdeep-2.13 (or later) + +-------------------------------------- + +Build Instructions: + +1. Create working directory (e.g. c:\work) and clone/extract ModSecurity v2 from GitHub: + https://github.com/owasp-modsecurity/ModSecurity/archive/v2/master.zip + +2. Initialize git submodules (important for dependencies like libinjection): + git submodule update --init --recursive + +3. Make sure the prerequisites mentioned above are all set: + - Visual Studio 2019/2022 installed with C++ tools + - IIS enabled/installed + - 7-Zip available in PATH + - WiX Toolset installed (for MSI building) + +4. If you haven't downloaded the dependency files before, uncomment the + "@call download_files.bat" line in build_dependencies.bat to have them + downloaded automatically. + +5. Open a Visual Studio Developer Command Prompt (recommended) or regular + command prompt and navigate to the "iis" folder inside ModSecurity working + directory: + cd c:\work\ModSecurity\iis + +6. If you need to modify anything (e.g. paths, versions, etc.), carefully + edit the batch files. Key files to review: + - build_dependencies.bat (dependency paths/versions) + - build_modsecurity.bat (compiler settings) + - build_msi.bat (MSI configuration) + +7. Run the main build script: + build_release.bat + +8. When done, the binaries, lib and pdb files should appear under: + - c:\work\ModSecurity\iis\release\x86 (32-bit) + - c:\work\ModSecurity\iis\release\amd64 (64-bit) + + * At this point, if you have a previous installation of ModSecurity and + would like to test, you can manually place: + - x86 files to "C:\Windows\SysWOW64\inetsrv" + - x64 files to "C:\Windows\System32\inetsrv" + +9. If all went well, you can build the MSI installer by running: + build_msi.bat + + The MSI will be created in the release folder. + +-------------------------------------- + +MSI Installer Features: + +* Automatically places files to the correct system folders +* Configures the ModSecurity IIS native module for both 32-bit and 64-bit +* Registers the module with IIS application configuration +* Checks for required Visual C++ 2019 Redistributables +* Provides clear error messages with download links if prerequisites are missing +* Supports both x86 and x64 architectures +* Allows selective installation of 32-bit and/or 64-bit modules -------------------------------------- -1. Create working directory (e.g. c:\work) and drop the latest clone from ModSecurity's 2.x Github (https://github.com/owasp-modsecurity/ModSecurity/archive/v2/master.zip) -2. Make sure the prerequisites mentioned above are all set -3. If you haven't download the dependency files before, uncomment the "@call download_files.bat" line on build_dependencies.bat to have them downloaded prior -4. Open a command prompt (cmd.exe) and head to the "iis" folder inside ModSecurity tree working directory (e.g. cd c:\work\ModSecurity\iis) -5. If you need to modify anything (e.g. paths, versions etc), carefully edit the batch files. -6. Run build_release.bat -7. When done, the binaries, lib and pdb files should appear under c:\work\ModSecurity\iis\release\x86 (32-bit) and c:\work\ModSecurity\iis\release\amd64 (64-bit) -* At this point, if you had a previous installation of ModSecurity and would like to test you can place the x86 files to "C:\Windows\SysWOW64\inetsrv" and x64 files to "C:\Windows\System32\inetsrv" +Troubleshooting: + +* If the installer fails with missing DLL errors, ensure the VC++ 2019 + Redistributables are installed (see Runtime Prerequisites above) -8. If all went well, you can build the MSI installer by running the build_msi.bat script. +* Use the included list_dependencies.bat script in the wix folder to check: + - VC++ 2019 Redistributable installation status + - ModSecurity DLL dependencies + - Missing libraries -* The built installable package places the files to the correct folders, automatically configures the ModSecurity IIS native module and configures web.config to enable ModSecurity for all IIS sites. +* For detailed troubleshooting, see: + https://github.com/owasp-modsecurity/ModSecurity/wiki/IIS-Troubleshooting diff --git a/iis/download_files.bat b/iis/download_files.bat index dd0773aad2..395a5e0500 100644 --- a/iis/download_files.bat +++ b/iis/download_files.bat @@ -1,29 +1,29 @@ -@set CMAKE=cmake-3.12.4-win32-x86.zip -@set PCRE=pcre-8.41.zip -@set ZLIB=zlib-1.2.11.tar.gz -@set LIBXML2=libxml2-2.9.8.tar.gz -@set LUA=lua-5.3.5.tar.gz -@set CURL=curl-7.62.0.zip -@set APACHE_SRC=httpd-2.4.37.tar.gz -@set APACHE_BIN32=httpd-2.4.37-win32-VC11.zip -@set APACHE_BIN64=httpd-2.4.37-win64-VC11.zip +@set CMAKE=cmake-4.2.3-windows-x86_64.zip +@set PCRE=pcre2-10.47.zip +@set ZLIB=zlib-1.3.1.tar.gz +@set LIBXML2=libxml2-2.15.1.tar.gz +@set LUA=lua-5.4.8.tar.gz +@set CURL=curl-8.18.0.zip +@set APACHE_SRC=httpd-2.4.66.tar.gz +@set APACHE_BIN32=httpd-2.4.66-win32-VS16.zip +@set APACHE_BIN64=httpd-2.4.66-win64-VS16.zip @set YAJL=yajl-2.1.0.zip -@set SSDEEP=ssdeep-2.13.tar.gz -@set SSDEEP_BIN=ssdeep-2.13.zip +@set SSDEEP=ssdeep-2.14.1.tar.gz +@set SSDEEP_BIN=ssdeep-2.14.1.zip :: BITSAdmin refuses to download YAJL from GitHub URL :: @set YAJL_URL=https://github.com/lloyd/yajl/archive/%YAJL:~-9% @set YAJL_URL=http://http.debian.net/debian/pool/main/y/yajl/yajl_2.1.0.orig.tar.gz -@set CMAKE_URL=https://cmake.org/files/v3.12/%CMAKE% -@set PCRE_URL=https://ftp.pcre.org/pub/pcre/%PCRE% -@set ZLIB_URL=https://zlib.net/%ZLIB% -@set LIBXML2_URL=http://xmlsoft.org/sources/%LIBXML2% +@set CMAKE_URL=https://github.com/Kitware/CMake/releases/download/v4.2.3/%CMAKE% +@set PCRE_URL=https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.47/%PCRE% +@set ZLIB_URL=https://github.com/madler/zlib/releases/download/v1.3.1/%ZLIB% +@set LIBXML2_URL=https://download.gnome.org/sources/libxml2/2.15/%LIBXML2% @set LUA_URL=https://www.lua.org/ftp/%LUA% -@set CURL_URL=http://curl.askapache.com/download/%CURL% +@set CURL_URL=https://curl.se/download/%CURL% @set APACHE_SRC_URL=https://www.apache.org/dist/httpd/%APACHE_SRC% -@set APACHE_BIN_URL=https://home.apache.org/~steffenal/VC11/binaries -@set SSDEEP_URL=https://downloads.sourceforge.net/project/ssdeep/ssdeep-2.13 +@set APACHE_BIN_URL=https://www.apachelounge.com/download/VS16/binaries +@set SSDEEP_URL=https://downloads.sourceforge.net/project/ssdeep/ssdeep-2.14.1 bitsadmin.exe /transfer "Downloading dependencies..." %CMAKE_URL% %SOURCE_DIR%\%CMAKE% %PCRE_URL% %SOURCE_DIR%\%PCRE% %ZLIB_URL% %SOURCE_DIR%\%ZLIB% %LIBXML2_URL% %SOURCE_DIR%\%LIBXML2% %LUA_URL% %SOURCE_DIR%\%LUA% %CURL_URL% %SOURCE_DIR%\%CURL% %APACHE_SRC_URL% %SOURCE_DIR%\%APACHE_SRC% %APACHE_BIN_URL%/%APACHE_BIN32% %SOURCE_DIR%\%APACHE_BIN32% %APACHE_BIN_URL%/%APACHE_BIN64% %SOURCE_DIR%\%APACHE_BIN64% %YAJL_URL% %SOURCE_DIR%\%YAJL% %SSDEEP_URL%/%SSDEEP% %SOURCE_DIR%\%SSDEEP% %SSDEEP_URL%/%SSDEEP_BIN% %SOURCE_DIR%\%SSDEEP_BIN% diff --git a/iis/installer.wxs b/iis/installer.wxs index 3f17443327..3458f48dca 100644 --- a/iis/installer.wxs +++ b/iis/installer.wxs @@ -29,6 +29,25 @@ + + + + + + + + + + + + + @@ -50,10 +69,10 @@ - + - + @@ -61,31 +80,31 @@ - + - + - + - + - + - - + + - - + + - + - + @@ -96,7 +115,20 @@ - + + + + + + + + 3) OR VC142X86INSTALLED]]> + + + + + + @@ -205,17 +237,6 @@ - - - - - - - - - - - @@ -360,6 +381,7 @@ + @@ -389,6 +411,8 @@ + + @@ -411,16 +435,5 @@ - - - - - - - - - - - \ No newline at end of file diff --git a/iis/wix/Microsoft_VC110_CRT_x64.msm b/iis/wix/Microsoft_VC110_CRT_x64.msm deleted file mode 100644 index 2371cfbbf5..0000000000 Binary files a/iis/wix/Microsoft_VC110_CRT_x64.msm and /dev/null differ diff --git a/iis/wix/Microsoft_VC110_CRT_x86.msm b/iis/wix/Microsoft_VC110_CRT_x86.msm deleted file mode 100644 index 50e3ff77b9..0000000000 Binary files a/iis/wix/Microsoft_VC110_CRT_x86.msm and /dev/null differ diff --git a/iis/wix/Microsoft_VC120_CRT_x64.msm b/iis/wix/Microsoft_VC120_CRT_x64.msm deleted file mode 100644 index f2c388f31b..0000000000 Binary files a/iis/wix/Microsoft_VC120_CRT_x64.msm and /dev/null differ diff --git a/iis/wix/Microsoft_VC120_CRT_x86.msm b/iis/wix/Microsoft_VC120_CRT_x86.msm deleted file mode 100644 index a1bee6630d..0000000000 Binary files a/iis/wix/Microsoft_VC120_CRT_x86.msm and /dev/null differ diff --git a/iis/wix/README.TXT b/iis/wix/README.TXT index bcbc9326fc..2926d3c5f6 100644 --- a/iis/wix/README.TXT +++ b/iis/wix/README.TXT @@ -1,5 +1,16 @@ Please note that installing ModSecurity for IIS requires IIS to be installed and enabled. +PREREQUISITES: + +ModSecurity for IIS requires the Microsoft Visual C++ 2019 Redistributable to be installed: +- For 64-bit systems: Install both x64 and x86 versions (for 32-bit application pool support) + - x64: https://aka.ms/vs/17/release/vc_redist.x64.exe + - x86: https://aka.ms/vs/17/release/vc_redist.x86.exe +- For 32-bit systems: Install x86 version only + - x86: https://aka.ms/vs/17/release/vc_redist.x86.exe + +The installer will check for these prerequisites and provide download links if they are missing. + After installing ModSecurity for IIS, the module will be running in all websites by default. To remove from a website add to web.config: diff --git a/iis/wix/list_dependencies.bat b/iis/wix/list_dependencies.bat index 276b4f33c2..10eace7383 100644 --- a/iis/wix/list_dependencies.bat +++ b/iis/wix/list_dependencies.bat @@ -11,28 +11,75 @@ echo * echo * echo * The main function of this script is to list all ModSecurityIIS runtime echo * dependencies, including system dependencies, to check if there is a -echo * missing library or a version mismatch. This can be very usefull in case +echo * missing library or a version mismatch. This can be very useful in case echo * ModSecurityIIS refuses to register as IIS module or if IIS refuses to echo * start. -echo * echo * echo * +echo * + +echo. +echo Checking prerequisites... +echo. +REM Check for Visual C++ 2019 Redistributable (x64) +reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v Installed 2>nul | find "0x1" >nul +if %errorlevel% equ 0 ( + echo [OK] Visual C++ 2019 Redistributable ^(x64^) is installed +) else ( + echo [MISSING] Visual C++ 2019 Redistributable ^(x64^) is NOT installed + echo Download from: https://aka.ms/vs/17/release/vc_redist.x64.exe +) + +REM Check for Visual C++ 2019 Redistributable (x86) +reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x86" /v Installed /reg:32 2>nul | find "0x1" >nul +if %errorlevel% equ 0 ( + echo [OK] Visual C++ 2019 Redistributable ^(x86^) is installed +) else ( + echo [MISSING] Visual C++ 2019 Redistributable ^(x86^) is NOT installed + echo Download from: https://aka.ms/vs/17/release/vc_redist.x86.exe +) + +echo. pause :LOOP_FILE SET /a log_file=%RANDOM%+100000 -SET log_file=%TEMP%\ModSecurityIIS-depedencies-%log_file:~-5%.TXT -IF EXIST %log_file% GOTO LOOP_FILE +SET log_file=%TEMP%\ModSecurityIIS-dependencies-%log_file:~-5%.TXT +IF EXIST "%log_file%" GOTO LOOP_FILE echo Saving logs at: %log_file% +echo. + +REM Log prerequisite checks to file +echo ================================================ >> "%log_file%" +echo Visual C++ 2019 Redistributable Check >> "%log_file%" +echo ================================================ >> "%log_file%" + +reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v Installed 2>nul | find "0x1" >nul +if %errorlevel% equ 0 ( + echo [OK] Visual C++ 2019 Redistributable (x64) is installed >> "%log_file%" +) else ( + echo [MISSING] Visual C++ 2019 Redistributable (x64) is NOT installed >> "%log_file%" + echo Download from: https://aka.ms/vs/17/release/vc_redist.x64.exe >> "%log_file%" +) + +reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x86" /v Installed /reg:32 2>nul | find "0x1" >nul +if %errorlevel% equ 0 ( + echo [OK] Visual C++ 2019 Redistributable (x86) is installed >> "%log_file%" +) else ( + echo [MISSING] Visual C++ 2019 Redistributable (x86) is NOT installed >> "%log_file%" + echo Download from: https://aka.ms/vs/17/release/vc_redist.x86.exe >> "%log_file%" +) +echo. >> "%log_file%" -set POSSIBLE_PATHS_X86="C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\dumpbin.exe" -set POSSIBLE_PATHS_X64="C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\dumpbin.exe" +REM Updated paths to include Visual Studio 2019 and 2022 +set POSSIBLE_PATHS_X86="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\dumpbin.exe" +set POSSIBLE_PATHS_X64="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\dumpbin.exe" for %%i in (%POSSIBLE_PATHS_X86%) do ( echo Checking for dumpbin x86... %%i - echo Checking for dumpbin x86... %%i >> %log_file% + echo Checking for dumpbin x86... %%i >> "%log_file%" if exist %%i ( SET DUMPBIN_X86=%%i goto found_x86 @@ -42,7 +89,7 @@ for %%i in (%POSSIBLE_PATHS_X86%) do ( for %%i in (%POSSIBLE_PATHS_X64%) do ( echo Checking for dumpbin x64... %%i - echo Checking for dumpbin x64... %%i >> %log_file% + echo Checking for dumpbin x64... %%i >> "%log_file%" if exist %%i ( SET DUMPBIN_X64=%%i goto found_x64 @@ -50,30 +97,79 @@ for %%i in (%POSSIBLE_PATHS_X64%) do ( ) :found_x64 +echo ================================================ >> "%log_file%" +echo ModSecurity IIS Dependency Analysis >> "%log_file%" +echo ================================================ >> "%log_file%" +echo. >> "%log_file%" + +REM Check ModSecurity DLL locations +echo Checking ModSecurity DLL locations... >> "%log_file%" +if exist "%SystemRoot%\System32\inetsrv\ModSecurityIIS.dll" ( + echo [FOUND] %SystemRoot%\System32\inetsrv\ModSecurityIIS.dll >> "%log_file%" +) else ( + echo [MISSING] %SystemRoot%\System32\inetsrv\ModSecurityIIS.dll >> "%log_file%" +) + +if exist "%SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll" ( + echo [FOUND] %SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll >> "%log_file%" +) else ( + echo [MISSING] %SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll >> "%log_file%" +) +echo. >> "%log_file%" + if "%DUMPBIN_X86:~1,-1%" == "" ( echo Dumpbin x86 not found. - echo Dumpbin x86 not found. >> %log_file% + echo Dumpbin x86 not found. >> "%log_file%" + echo NOTE: Install Visual Studio 2019/2022 with C++ tools to use dumpbin. >> "%log_file%" ) else ( echo Using dumpbin x86: %DUMPBIN_X86% - echo Using dumpbin x86: %DUMPBIN_X86% >> %log_file% - %DUMPBIN_X86% /imports /dependents %* >> %log_file% + echo Using dumpbin x86: %DUMPBIN_X86% >> "%log_file%" + echo. >> "%log_file%" + if exist "%SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll" ( + echo ================================================ >> "%log_file%" + echo 32-bit ModSecurityIIS.dll dependencies: >> "%log_file%" + echo ================================================ >> "%log_file%" + %DUMPBIN_X86% /imports /dependents "%SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll" >> "%log_file%" 2>&1 + ) + if not "%*" == "" ( + echo. >> "%log_file%" + echo ================================================ >> "%log_file%" + echo Additional files specified: >> "%log_file%" + echo ================================================ >> "%log_file%" + %DUMPBIN_X86% /imports /dependents %* >> "%log_file%" 2>&1 ) ) +echo. >> "%log_file%" + if "%DUMPBIN_X64:~1,-1%" == "" ( echo Dumpbin x64 not found. - echo Dumpbin x64 not found. >> %log_file% + echo Dumpbin x64 not found. >> "%log_file%" + echo NOTE: Install Visual Studio 2019/2022 with C++ tools to use dumpbin. >> "%log_file%" ) else ( echo Using dumpbin x64: %DUMPBIN_X64% - echo Using dumpbin x64: %DUMPBIN_X64% >> %log_file% - %DUMPBIN_X64% /imports /dependents %* >> %log_file% + echo Using dumpbin x64: %DUMPBIN_X64% >> "%log_file%" + echo. >> "%log_file%" + if exist "%SystemRoot%\System32\inetsrv\ModSecurityIIS.dll" ( + echo ================================================ >> "%log_file%" + echo 64-bit ModSecurityIIS.dll dependencies: >> "%log_file%" + echo ================================================ >> "%log_file%" + %DUMPBIN_X64% /imports /dependents "%SystemRoot%\System32\inetsrv\ModSecurityIIS.dll" >> "%log_file%" 2>&1 + ) + if not "%*" == "" ( + echo. >> "%log_file%" + echo ================================================ >> "%log_file%" + echo Additional files specified: >> "%log_file%" + echo ================================================ >> "%log_file%" + %DUMPBIN_X64% /imports /dependents %* >> "%log_file%" 2>&1 + ) ) goto exit :exit -echo Logs were saved at: %log_file%. +echo Logs were saved at: "%log_file%". echo Trying to open it with explorer... -explorer %log_file% +explorer "%log_file%" echo Done. pause diff --git a/iis/wix/modsecurity.conf b/iis/wix/modsecurity.conf index fcce635963..2297834afc 100644 --- a/iis/wix/modsecurity.conf +++ b/iis/wix/modsecurity.conf @@ -23,16 +23,23 @@ SecStreamInBodyInspection On # Enable XML request body parser. # Initiate XML Processor in case of xml content-type # -SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \ +SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" # Enable JSON request body parser. # Initiate JSON Processor in case of JSON content-type; change accordingly # if your application does not use 'application/json' # -SecRule REQUEST_HEADERS:Content-Type "application/json" \ +SecRule REQUEST_HEADERS:Content-Type "^application/json" \ "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" +# Sample rule to enable JSON request body parser for more subtypes. +# Uncomment or adapt this rule if you want to engage the JSON +# Processor for "+json" subtypes +# +#SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \ +# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" + # Maximum request body size we will accept for buffering. If you support # file uploads then the value given on the first line has to be as large # as the largest file you are willing to accept. The second value refers @@ -55,6 +62,11 @@ SecRequestBodyInMemoryLimit 131072 # SecRequestBodyLimitAction Reject +# Maximum parsing depth allowed for JSON objects. You want to keep this +# value as low as practical. +# +SecRequestBodyJsonDepthLimit 512 + # Verify that we've correctly processed the request body. # As a rule of thumb, when failing to process a request body # you should reject the request (when deployed in blocking mode) @@ -101,7 +113,7 @@ SecPcreMatchLimitRecursion 1000 # MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded. # SecRule TX:/^MSC_/ "!@streq 0" \ - "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" + "id:'200005',phase:2,t:none,log,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" # -- Response body handling -------------------------------------------------- @@ -139,13 +151,13 @@ SecResponseBodyLimitAction ProcessPartial # This default setting is chosen due to all systems have /tmp available however, # this is less than ideal. It is recommended that you specify a location that's private. # -SecTmpDir c:\inetpub\temp\ +SecTmpDir c:/inetpub/temp/ # The location where ModSecurity will keep its persistent data. This default setting # is chosen due to all systems have /tmp available however, it # too should be updated to a place that other users can't access. # -SecDataDir c:\inetpub\temp\ +SecDataDir c:/inetpub/temp/ # -- File uploads handling configuration ------------------------------------- @@ -154,7 +166,7 @@ SecDataDir c:\inetpub\temp\ # location must be private to ModSecurity. You don't want other users on # the server to access the files, do you? # -#SecUploadDir c:\inetpub\temp\ +#SecUploadDir c:/inetpub/temp/ # By default, only keep the files that were determined to be unusual # in some way (by an external inspection script). For this to work you @@ -174,7 +186,7 @@ SecDataDir c:\inetpub\temp\ # The default debug log configuration is to duplicate the error, warning # and notice messages from the error log. # -#SecDebugLog c:\inetpub\temp\debug.log +#SecDebugLog c:/inetpub/temp/debug.log #SecDebugLogLevel 3 @@ -194,10 +206,10 @@ SecAuditLogParts ABIJDEFHZ # assumes that you will use the audit log only ocassionally. # SecAuditLogType Serial -#SecAuditLog c:\inetpub\logs\modsec_audit.log +SecAuditLog c:/inetpub/logs/modsec_audit.log # Specify the path for concurrent audit logging. -#SecAuditLogStorageDir c:\inetpub\logs\ +#SecAuditLogStorageDir c:/inetpub/logs/ # -- Miscellaneous ----------------------------------------------------------- @@ -226,5 +238,7 @@ SecUnicodeMapFile unicode.mapping 20127 # The following information will be shared: ModSecurity version, # Web Server version, APR version, PCRE version, Lua version, Libxml2 # version, Anonymous unique id for host. -SecStatusEngine On +# NB: As of April 2022, there is no longer any advantage to turning this +# setting On, as there is no active receiver for the information. +SecStatusEngine Off diff --git a/mlogc/Makefile.win b/mlogc/Makefile.win index 12b555fae4..ada2e31172 100755 --- a/mlogc/Makefile.win +++ b/mlogc/Makefile.win @@ -2,6 +2,7 @@ ### You Will need to modify the following variables for your system ########################################################################### ########################################################################### +# Note: ModSecurity v2 uses PCRE2 by default (not legacy PCRE). Set PCRE to your pcre2 build directory. # Path to Apache httpd installation BASE = %APACHE% @@ -13,8 +14,8 @@ CURL = %CURL% # Linking libraries LIBS = $(BASE)\lib\libapr-1.lib \ $(BASE)\lib\libaprutil-1.lib \ - $(PCRE)\pcre.lib \ - $(CURL)\libcurl.lib \ + $(PCRE)\pcre2-8.lib \ + $(CURL)\libcurl.lib \ wsock32.lib ###########################################################################