Skip to content

chore: update Windows build to use PCRE2 as default #3491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
fzipi wants to merge 27 commits into
base: v2/master
Choose a base branch
from
+572 −239
Open

chore: update Windows build to use PCRE2 as default #3491

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
d925bdc
chore: update Windows build to use PCRE2 as default
fzipi Feb 8, 2026
d1b1956
fix: update IIS installer file
fzipi Feb 8, 2026
b0dd255
chore: remove deprecated method using msm files
fzipi Feb 8, 2026
e9c84a6
fix: update dependencies howto to reflect changes
fzipi Feb 8, 2026
a4a5a5b
fix: apply comments from copilot review
fzipi Feb 8, 2026
a3fb241
ci: update msys2 action
fzipi Feb 8, 2026
9b87f0f
fix(ci): install VC redistributables
fzipi Feb 8, 2026
394f3b7
ci: update CRS version
fzipi Feb 8, 2026
7f07ffd
fix: support latest iis installer
fzipi Feb 8, 2026
b495486
fix(windows): add posix conformant names and suppress warnings
fzipi Feb 8, 2026
906eae5
fix: avoid redefinition if already in apr
fzipi Feb 8, 2026
2268276
chore: add debug information to identify install problems
fzipi Feb 8, 2026
6334d28
chore: update lua to 5.4
fzipi Feb 8, 2026
5aa007e
fix: windows x32
fzipi Feb 8, 2026
6d36425
fix: OWASP CRS install
fzipi Feb 8, 2026
191c51c
fix: download full CRS version to get tests also
fzipi Feb 8, 2026
ef44728
fix: release url
fzipi Feb 8, 2026
932c83b
Apply suggestions from code review
fzipi Feb 8, 2026
cf619f9
fix: address copilot suggestions
fzipi Feb 8, 2026
2fbcd90
fix: change backslash to slash
fzipi Feb 8, 2026
0f5e0a1
fix: include creation for directories in installer
fzipi Feb 8, 2026
ba624f3
fix: remove warning on deprecated action
fzipi Feb 8, 2026
4c52436
fix: add permissions to IIS
fzipi Feb 8, 2026
360691b
fix: use powershell for custom cmd
fzipi Feb 8, 2026
de2564f
fix: install crs path
fzipi Feb 13, 2026
76323ea
fix: installer dir creation
fzipi Feb 13, 2026
db46478
fix: address Copilot review feedback on Windows build
fzipi Feb 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
122 changes: 108 additions & 14 deletions .github/workflows/test-ci-windows.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
echo "APACHE_ROOT=C:\tools\Apache24" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append

- name: Setup MSYS2
uses: msys2/setup-msys2@fb197b72ce45fb24f17bf3f807a388985654d1f2
uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda #v2.30.0
with:
msystem: ${{ matrix.arch == 'x86' && 'MINGW32' || 'UCRT64' }}
update: true
Expand Down Expand Up @@ -100,6 +100,7 @@ jobs:
-A $cmakeArch `
-DWITH_LUA=ON `
-DWITH_YAJL=ON `
-DWITH_PCRE_JIT=ON `
-S IIS -B "iis\build"

- name: Build IIS Module
Expand Down Expand Up @@ -166,29 +167,122 @@ jobs:
name: modsecurityiis-installers-${{ matrix.config }}
path: ${{ github.workspace }}/

- name: Install VC++ 2019 Redistributables (Prerequisites)
shell: pwsh
run: |
Write-Host "=== Checking Pre-Existing VC++ Installations ==="
Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue |
Where-Object { $_.DisplayName -like "*Visual C++*" -or $_.DisplayName -like "*Microsoft Visual Studio*Runtime*" } |
Select-Object DisplayName, DisplayVersion, PSChildName |
Format-Table -AutoSize

Write-Host "`n=== Installing Visual C++ 2019 Redistributable (x64) ==="
$vc_x64_url = "https://aka.ms/vs/17/release/vc_redist.x64.exe"
$vc_x64_installer = "${{ github.workspace }}\vc_redist.x64.exe"
Invoke-WebRequest -Uri $vc_x64_url -OutFile $vc_x64_installer
$x64Process = Start-Process -FilePath $vc_x64_installer -ArgumentList "/install", "/quiet", "/norestart" -Wait -PassThru
Write-Host "VC++ x64 installer exit code: $($x64Process.ExitCode)"
# Exit codes: 0 = success, 1638 = already installed (newer version), 3010 = success (reboot required)
if ($x64Process.ExitCode -notin @(0, 1638, 3010)) {
Write-Error "VC++ x64 installation failed with exit code $($x64Process.ExitCode)"
exit 1
}

Write-Host "`n=== Installing Visual C++ 2019 Redistributable (x86) ==="
$vc_x86_url = "https://aka.ms/vs/17/release/vc_redist.x86.exe"
$vc_x86_installer = "${{ github.workspace }}\vc_redist.x86.exe"
Invoke-WebRequest -Uri $vc_x86_url -OutFile $vc_x86_installer
$x86Process = Start-Process -FilePath $vc_x86_installer -ArgumentList "/install", "/quiet", "/norestart" -Wait -PassThru
Write-Host "VC++ x86 installer exit code: $($x86Process.ExitCode)"
# Exit codes: 0 = success, 1638 = already installed (newer version), 3010 = success (reboot required)
if ($x86Process.ExitCode -notin @(0, 1638, 3010)) {
Write-Error "VC++ x86 installation failed with exit code $($x86Process.ExitCode)"
exit 1
}

Write-Host "VC++ 2019 Redistributables installed successfully"

# Verify installations
Write-Host "`nVerifying VC++ installations in registry..."
$vc142x64 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" -Name "Installed" -ErrorAction SilentlyContinue).Installed
# On 64-bit Windows, x86 runtime is in WOW6432Node
$vc142x86 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\VisualStudio\14.0\VC\Runtimes\x86" -Name "Installed" -ErrorAction SilentlyContinue).Installed
Write-Host "VC++ 2019 x64 in registry: $vc142x64"
Write-Host "VC++ 2019 x86 in registry: $vc142x86"

if (-not $vc142x64 -or -not $vc142x86) {
Write-Error "VC++ redistributables not properly registered. x64=$vc142x64, x86=$vc142x86"
exit 1
}

- name: Install MSI
shell: pwsh
run: |
Write-Host "=== Pre-Installation Debug Info ==="

# Check MSI file
$msiPath = "${{ github.workspace }}\modsecurityiis.msi"
if (-not (Test-Path $msiPath)) {
Write-Error "MSI file not found at $msiPath"
exit 1
}

# Install with logging for debugging
Write-Host "MSI file found: $msiPath"
Write-Host "MSI file size: $((Get-Item $msiPath).Length) bytes"

# Check IIS version
$iisVersion = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\InetStp" -Name "MajorVersion" -ErrorAction SilentlyContinue).MajorVersion
Write-Host "IIS Version: $iisVersion"

# Check VC++ redistributables
$vc142x64 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" -Name "Installed" -ErrorAction SilentlyContinue).Installed
$vc142x86 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\VisualStudio\14.0\VC\Runtimes\x86" -Name "Installed" -ErrorAction SilentlyContinue).Installed
Write-Host "VC++ 2019 x64 installed: $vc142x64"
Write-Host "VC++ 2019 x86 installed: $vc142x86"

Write-Host "`n=== Starting MSI Installation ==="

# Install with verbose logging
$installLog = "${{ github.workspace }}\install.log"
$installResult = Start-Process -FilePath "msiexec.exe" -ArgumentList @(
"/i", "`"$msiPath`"",
"/qn",
"/norestart",
"/l*", "`"$installLog`""
"/l*vx", "`"$installLog`""
) -Wait -PassThru


Write-Host "Installation process completed with exit code: $($installResult.ExitCode)"

# Check if log file was created
if (Test-Path $installLog) {
$logSize = (Get-Item $installLog).Length
Write-Host "Install log created: $installLog ($logSize bytes)"

} else {
Write-Host "WARNING: Install log was not created at $installLog"
}

if ($installResult.ExitCode -ne 0) {
Write-Host "`n=== Full Installation Log (installation failed) ==="
if (Test-Path $installLog) {
$logSize = (Get-Item $installLog).Length
if ($logSize -gt 0) {
Get-Content $installLog -Raw | Write-Host
} else {
Write-Host "WARNING: Log file is empty!"
}
}
Write-Host "`n=== Installation Failed ==="
Write-Host "Exit code: $($installResult.ExitCode)"
Write-Host "Common MSI error codes:"
Write-Host " 1603 - Fatal error during installation"
Write-Host " 1619 - Package could not be opened"
Write-Host " 1620 - Package could not be opened (corrupt)"
Write-Host " 1633 - Platform not supported"
Write-Error "MSI installation failed with exit code $($installResult.ExitCode)"
Get-Content $installLog | Write-Host
exit 1
}

Write-Host "`n=== Installation Successful ==="

$installDir = "C:\Program Files\ModSecurity IIS"
$requiredFiles = @(
Expand All @@ -204,13 +298,13 @@ jobs:
}
}

- name: Install OWASP Core Rules
- name: Install OWASP CRS
shell: pwsh
run: |
$crsVersion = "v4.18.0"
$crsUrl = "https://github.com/coreruleset/coreruleset/archive/refs/tags/$crsVersion.tar.gz"
$crsDir = "C:\Program Files\ModSecurity IIS\coreruleset"
$modSecurityConfigDir = "C:\Program Files\ModSecurity IIS"
$crsVersion = "4.23.0"
$crsUrl = "https://github.com/coreruleset/coreruleset/archive/refs/tags/v$crsVersion.tar.gz"
$crsDir = 'C:\Program Files\ModSecurity IIS\coreruleset'
$modSecurityConfigDir = 'C:\Program Files\ModSecurity IIS'

try {
New-Item -ItemType Directory -Path $crsDir -Force
Expand All @@ -221,8 +315,9 @@ jobs:
$newName = $_.Name.Replace(".example", "")
Rename-Item -Path $_.FullName -NewName $newName
}

$modSecurityConfigFile = "$modSecurityConfigDir\modsecurity_iis.conf"
$modsecConf = "$modSecurityConfigDir\modsecurity.conf"

$crsRules = @(
"Include coreruleset/crs-setup.conf",
Expand All @@ -234,8 +329,7 @@ jobs:

Add-Content -Path $modSecurityConfigFile -Value $crsRules

(Get-Content -Path $modSecurityConfigDir\modsecurity.conf) -replace 'SecRuleEngine DetectionOnly', 'SecRuleEngine On' | Set-Content -Path $modSecurityConfigDir\modsecurity.conf

(Get-Content -Path $modsecConf) -replace 'SecRuleEngine DetectionOnly', 'SecRuleEngine On' | Set-Content -Path $modsecConf
}
catch {
Write-Error "Failed to install OWASP Core Rules: $($_.Exception.Message)"
Expand Down
Loading
Loading