TECH NOTES: Building mod_security with libxml2

You’d like to add mod_security to your custom apache+mod_php build. The package requires a recent version of libxml2 which must be installed in parallel. Once compiled, httpd is unable to start as a result of missing symbols.

# /usr/local/apache2/bin/apachectl start
httpd: Syntax error on line 1234 of /usr/local/apache2/conf/httpd.conf: Syntax error on line 5678 of /usr/local/apache2/conf.d/modsecurity.conf: Cannot load /usr/local/apache2/modules/mod_security2.so into server: /usr/local/apache2/modules/mod_security2.so: symbol xmlOutputBufferGetSize, version LIBXML2_2.9.0 not defined in file libxml2.so.2 with link time reference

The system version of libxml2 can’t be removed or otherwise modified. You’re absolutely certain that mod_security is linked against the new version. You fumble aimlessly with LD_PRELOAD, LD_RUN, LD_LIBRARY_PATH, apachectl, LoadFile, etc. You curse your own existence before googling one final time, only to stumble upon this page.

Potential solutions

mod_php is probably already linked to /usr/lib/libxml2.so.X and not the custom /usr/local/lib version. All bets are off once mod_php is loaded; the loader found its libxml2 .

Options:

a) Load mod_security first

b) Relink mod_php against your custom build (eg: /usr/local/lib/libxml)

c) Both a, b

Building libxml2

./configure --prefix=/usr/local/lib/libxml2

Building mod_security

./configure --with-libxml=/usr/local/lib/libxml2/ \
--with-apr=/usr/local/apache2/bin/apr-1-config \
--with-apu=/usr/local/apache2/bin/apu-1-config \
--with-apxs=/usr/local/apache2/bin/apxs \
--with-lua
make

References

http://stackoverflow.com/questions/2173103/is-it-possible-to-control-which-libraries-apache-uses

http://www.justin.my/2011/04/how-to-install-mod_security-in-directadmin/

http://www.modsecurity.org/

One thought on “TECH NOTES: Building mod_security with libxml2”

Leave a Reply

Your email address will not be published. Required fields are marked *