nginx开启错误日志,然后重启nginx,出现如下信息:
2016/12/03 09:40:38 [notice] 18858#0: ModSecurity for nginx (STABLE)/2.9.1 (http://www.modsecurity.org/) configured.
2016/12/03 09:40:38 [notice] 18858#0: ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8"
2016/12/03 09:40:38 [notice] 18858#0: ModSecurity: PCRE compiled version="8.39 "; loaded version="8.32 2012-11-30"
2016/12/03 09:40:38 [warn] 18858#0: ModSecurity: Loaded PCRE do not match with compiled!
2016/12/03 09:40:38 [notice] 18858#0: ModSecurity: LIBXML compiled version="2.9.1"
2016/12/03 09:40:38 [notice] 18858#0: ModSecurity: StatusEngine call: "2.9.1,nginx,1.4.8/1.4.8,8.39/8.32 2012-11-30,(null),2.9.1,1041d4bc04a4b99eb3aab2c7d5ad7bbeb72f7b5b"
2016/12/03 09:40:38 [notice] 18858#0: ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurity.org/
注意红色字体部分就是兼容性的错误提示:
要求PCRE的软件版本是8.39,系统加载的是软件版本是8.32,所以更新PCRE软件版本到8.39即可解决这个问题。
那么问题来了
通过/usr/local/nginx/sbin/nginx -V 查看nginx的编译参数,PCRE的软件版本是8.39
nginx version: nginx/1.10.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
built with OpenSSL 1.0.2j 26 Sep 2016
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-openssl=/usr/local/src/openssl-1.0.2j --with-zlib=/usr/local/src/zlib-1.2.8 --with-pcre=/usr/local/src/pcre-8.39 --add-module=/usr/local/src/modsecurity-2.9.1/nginx/modsecurity
也就是说在安装nginx的时候已经安装pcre8.39软件版本了,但是看系统上的pcre软件版本却不是8.39,还是系统本身自带的软件版本8.32,具体查看如下:
# rpm -qa | grep pcre
pcre-devel-8.32-15.el7_2.1.x86_64
pcre-8.32-15.el7_2.1.x86_64
# pcre-config --version
8.32
解决方法:
1、查看系统安装的pcre软件
#rpm -qa | grep pcre
pcre-devel-8.32-15.el7_2.1.x86_64
pcre-8.32-15.el7_2.1.x86_64
2、系统自带的千万别卸载,直接源码安装最新的就行
3、下载pcre.39源码进行安装
wget http://ftp.exim.llorien.org/pcre/pcre-8.39.tar.gz
tar zxvf pcre-8.39.tar.gz
cd pcre-8.39
./configure --prefix=/usr --docdir=/usr/share/doc/pcre-8.39 --libdir=/usr/lib64 --enable-unicode-properties --enable-pcre16 --enable-pcre32 --enable-pcregrep-libz --enable-pcregrep-libbz2 --disable-static --enable-utf8 --enable-shared
make && make install
然后重启nginx,则不会出现ModSecurity兼容性显示,nginx错误日志如下显示:
2016/12/03 10:09:50 [notice] 28116#0: ModSecurity for nginx (STABLE)/2.9.1 (http://www.modsecurity.org/) configured.
2016/12/03 10:09:50 [notice] 28116#0: ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8"
2016/12/03 10:09:50 [notice] 28116#0: ModSecurity: PCRE compiled version="8.39 "; loaded version="8.39 2016-06-14"
2016/12/03 10:09:50 [notice] 28116#0: ModSecurity: LIBXML compiled version="2.9.1"
2016/12/03 10:09:50 [notice] 28116#0: ModSecurity: StatusEngine call: "2.9.1,nginx,1.4.8/1.4.8,8.39/8.39 2016-06-14,(null),2.9.1,1041d4bc04a4b99eb3aab2c7d5ad7bbeb72f7b5b"
2016/12/03 10:09:50 [notice] 28116#0: ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurity.org/
查看pcre软件版本:
#rpm -qa | grep pcre (系统自带的未卸载,还会有信息显示出来)
pcre-devel-8.32-15.el7_2.1.x86_64
pcre-8.32-15.el7_2.1.x86_64
#pcre-config --version (查看到软件版本是8.39)
8.39
#pcretest -C (换个命令查看还是8.39)
PCRE version 8.39 2016-06-14
Compiled with
8-bit support
UTF-8 support
16-bit support
UTF-16 support
32-bit support
UTF-32 support
Unicode properties support
No just-in-time compiler support
Newline sequence is LF
R matches all Unicode newlines
Internal link size = 2
POSIX malloc threshold = 10
Parentheses nest limit = 250
Default match limit = 10000000
Default recursion depth limit = 10000000
Match recursion uses stack
# ldconfig -v | grep pcre
ldconfig: 无法对 /libx32 进行 stat 操作: 没有那个文件或目录
ldconfig: 多次给出路径“/usr/lib”
ldconfig: 多次给出路径“/usr/lib64”
ldconfig: 无法对 /usr/libx32 进行 stat 操作: 没有那个文件或目录
libpcreposix.so.0 -> libpcreposix.so.0.0.4
libpcrecpp.so.0 -> libpcrecpp.so.0.0.1
libpcre32.so.0 -> libpcre32.so.0.0.7
libpcre16.so.0 -> libpcre16.so.0.2.7
libpcre.so.1 -> libpcre.so.1.2.7