owasp-modsecurity · victorhora · Jun 29, 2017 · Jul 3, 2017
diff --git a/iis/build_dependencies.bat b/iis/build_dependencies.bat
@@ -1,29 +1,36 @@
-:: Those variable should be edited as needed.
+:: Those variables should be edited as needed.
 :: Use full paths.
 
 :: General paths
 @set WORK_DIR=%cd%\dependencies\build_dir
 @set OUTPUT_DIR=%cd%\dependencies\release_files
 @set SOURCE_DIR=%USERPROFILE%\Downloads
 
+:: Dependencies
+@set CMAKE=cmake-3.8.2-win32-x86.zip
+@set PCRE=pcre-8.40.zip
+@set ZLIB=zlib-1.2.11.tar.gz
+@set LIBXML2=libxml2-2.9.4.tar.gz
+@set LUA=lua-5.3.4.tar.gz
+@set CURL=curl-7.54.1.zip
+@set APACHE_SRC=httpd-2.4.26.tar.gz
+@set APACHE_BIN32=httpd-2.4.26-win32-VC11.zip
+@set APACHE_BIN64=httpd-2.4.26-win64-VC11.zip
+@set YAJL=yajl-2.1.0.zip
+@set SSDEEP=ssdeep-2.13.tar.gz
+@set SSDEEP_BIN=ssdeep-2.13.zip
+
+@set CMAKE_DIR=%WORK_DIR%\%CMAKE:~0,-4%\bin
+
 :: Aditional paths.
-@set PATH=%PATH%;c:\work\cmake-2.8.7-win32-x86\bin;"c:\program files\7-zip"
-
-@set PCRE=pcre-8.33.zip
-@set ZLIB=zlib-1.2.8.tar.gz
-@set LIBXML2=libxml2-2.9.1.tar.gz
-@set LUA=lua-5.1.5.tar.gz
-@set CURL=curl-7.39.0.zip
-@set APACHE_SRC=httpd-2.4.6.tar.gz
-@set APACHE_BIN32=httpd-2.4.6-win32-VC11.zip
-@set APACHE_BIN64=httpd-2.4.6-win64-VC11.zip
-@set YAJL=lloyd-yajl-f4b2b1a.zip
-@set SSDEEP=ssdeep-2.10.tar.gz
-@set SSDEEP_BIN=ssdeep-2.10.zip
+@set PATH=%PATH%;%CMAKE_DIR%;"c:\program files\7-zip"
+
 
 :: @set VCARGS32="C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\vcvars32.bat"
 :: @set VCARGS64="C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\vcvarsx86_amd64.bat"
 
+:: Uncomment the line below if you want to attempt downloading all dependency files prior to build 
+:: @call download_files.bat
 
 :: Do not edit bellow this line.
 @set CURRENT_DIR=%cd%
@@ -45,6 +52,12 @@ call cl 2>&1 | findstr /C:"x64"
 @if (%ERRORLEVEL%) == (0) set APACHE_BIN=%APACHE_BIN64%
 
 @echo Starting with the depdendencies...
+@echo # CMake. - %CMAKE%
+@call dependencies/build_cmake.bat
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed_cmake
+@cd "%CURRENT_DIR%"
+
+
 @echo # Apache - %HTTPD%/%APACHE24_ZIP%
 @call dependencies/build_apache.bat
 @if NOT (%ERRORLEVEL%) == (0) goto build_failed_apache
@@ -129,6 +142,10 @@ call cl 2>&1 | findstr /C:"x64"
 @echo Failed to setup %SSDEEP%...
 @goto failed
 
+:build_failed_cmake
+@echo Failed to setup %CMAKE%...
+@goto failed
+
 :failed
 @cd %CURRENT_DIR%
 @exit /B 1

diff --git a/iis/build_modsecurity.bat b/iis/build_modsecurity.bat
@@ -15,7 +15,7 @@ set CURRENT_DIR=%cd%
 cd ..\apache2
 del *.obj *.dll *.lib
 del libinjection\*.obj libinjection\*.dll libinjection\*.lib
-NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.0.1 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep CURL=..\iis\%DEPENDENCIES_DIR%\curl IIS_BUILD=yes
+NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\%YAJL_DIR% SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep CURL=..\iis\%DEPENDENCIES_DIR%\curl IIS_BUILD=yes
 @if NOT (%ERRORLEVEL%) == (0) goto build_failed
 
 @echo mlogc...
@@ -29,7 +29,7 @@ nmake -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEP
 cd ..\iis
 del *.obj *.dll *.lib
 nmake -f Makefile.win clean
-NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\yajl-2.0.1 SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep CURL=..\iis\%DEPENDENCIES_DIR%\curl
+NMAKE -f Makefile.win APACHE=..\iis\%DEPENDENCIES_DIR%\Apache24 PCRE=..\iis\%DEPENDENCIES_DIR%\pcre LIBXML2=..\iis\%DEPENDENCIES_DIR%\libxml2 LUA=..\iis\%DEPENDENCIES_DIR%\lua\src VERSION=VERSION_IIS YAJL=..\iis\%DEPENDENCIES_DIR%\yajl\build\%YAJL_DIR% SSDEEP=..\iis\%DEPENDENCIES_DIR%\ssdeep CURL=..\iis\%DEPENDENCIES_DIR%\curl
 @if NOT (%ERRORLEVEL%) == (0) goto build_failed
 
 cd %CURRENT_DIR%

diff --git a/iis/dependencies/build_cmake.bat b/iis/dependencies/build_cmake.bat
@@ -0,0 +1,20 @@
+@cd "%WORK_DIR%"
+
+@if NOT EXIST "%SOURCE_DIR%\%CMAKE%" goto file_not_found
+
+
+@7z.exe x "%SOURCE_DIR%\%CMAKE%"
+@if NOT (%ERRORLEVEL%) == (0) goto something_went_wrong
+
+@exit /B 0
+
+:file_not_found
+@echo File not found: %SOURCE_DIR%\%CMAKE%
+@goto failed
+
+:something_went_wrong
+@echo Something went wrong while unzip CMake files.
+@goto failed
+
+:failed
+@exit /B 1
diff --git a/iis/dependencies/build_pcre.bat b/iis/dependencies/build_pcre.bat
@@ -1,32 +1,39 @@
-cd "%WORK_DIR%"
-
-@if NOT EXIST "%SOURCE_DIR%\%APACHE_BIN%" goto file_not_found_bin
-
-7z.exe x "%SOURCE_DIR%\%PCRE%"
-set PCRE_DIR=%PCRE:~0,-4%
-
+::@if NOT (%ERRORLEVEL%) == (1) Echo "Patch successfull... For more info on patch see: https://vcs.pcre.org/pcre/code/trunk/CMakeLists.txt?r1=1659&r2=1677&view=patch"
+
+cd "%WORK_DIR%"
+
+@if NOT EXIST "%SOURCE_DIR%\%APACHE_BIN%" goto file_not_found_bin
+
+7z.exe x "%SOURCE_DIR%\%PCRE%"
+set PCRE_DIR=%PCRE:~0,-4%
+
 move "%PCRE_DIR%" "pcre"
-
+
+@if "%PCRE_DIR%" == "pcre-8.40" (
+	Echo. && Echo "PCRE 8.40 found... patching with patch-pcre-8.40.vbs..." 
+	cscript /B /Nologo ../patch-pcre-8.40.vbs
+)
+
 cd "pcre"
-CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True
-@if NOT (%ERRORLEVEL%) == (0) goto build_failed
-NMAKE
-@if NOT (%ERRORLEVEL%) == (0) goto build_failed
-cd "%WORK%"
-
+CMAKE -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=True
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed
+NMAKE
+@if NOT (%ERRORLEVEL%) == (0) goto build_failed
+cd "%WORK%"
+
 copy /y "%WORK_DIR%\pcre\pcre.dll" "%OUTPUT_DIR%"
 copy /y "%WORK_DIR%\pcre\pcre.pdb" "%OUTPUT_DIR%"
 copy /y "%WORK_DIR%\pcre\pcre.lib" "%OUTPUT_DIR%"
-echo "a"
-@exit /B 0
-
-:file_not_found_bin
-@echo File not found: "%SOURCE_DIR%\%PCRE%"
-@goto failed
-
-:build_failed
-@echo Problems during the building phase
-@goto failed
-
-:failed
-@exit /B 1
+echo "a"
+@exit /B 0
+
+:file_not_found_bin
+@echo File not found: "%SOURCE_DIR%\%PCRE%"
+@goto failed
+
+:build_failed
+@echo Problems during the building phase
+@goto failed
+
+:failed
+@exit /B 1
diff --git a/iis/dependencies/build_yajl.bat b/iis/dependencies/build_yajl.bat
@@ -20,10 +20,10 @@ nmake
 
 cd "%WORK%"
 
-copy /y "%WORK_DIR%\yajl\build\yajl-2.0.1\lib\yajl.dll" "%OUTPUT_DIR%"
-copy /y "%WORK_DIR%\yajl\build\yajl-2.0.1\lib\yajl.pdb" "%OUTPUT_DIR%"
-copy /y "%WORK_DIR%\yajl\build\yajl-2.0.1\lib\yajl.lib" "%OUTPUT_DIR%"
-copy /y "%WORK_DIR%\yajl\build\yajl-2.0.1\lib\yajl_s.lib" "%OUTPUT_DIR%"
+copy /y "%WORK_DIR%\yajl\build\%YAJL_DIR%\lib\yajl.dll" "%OUTPUT_DIR%"
+copy /y "%WORK_DIR%\yajl\build\%YAJL_DIR%\lib\yajl.pdb" "%OUTPUT_DIR%"
+copy /y "%WORK_DIR%\yajl\build\%YAJL_DIR%\lib\yajl.lib" "%OUTPUT_DIR%"
+copy /y "%WORK_DIR%\yajl\build\%YAJL_DIR%\lib\yajl_s.lib" "%OUTPUT_DIR%"
 
 @exit /B 0
 

diff --git a/iis/dependencies/howto.txt b/iis/dependencies/howto.txt
@@ -1,44 +1,52 @@
-WARNING!
-
-Building ModSecurityIIS on Windows is a relatively complicated process. Understanding it requires advanced knowledge of Windows and Unix environments.
-Using the same versions of libraries as listed below is strongly recommended.
-
---------------------------------------
-Tested on:
-
-Windows 7 x64
-Vistual Studio 2010 Ultimate SP1
-IIS enabled/installed
-
-cmake 2.8.7
-curl 7.24.0
-apache 2.2.22 or apache 2.4.3
-libxml2 2.7.7
-lua 5.1.5
-pcre 8.30
-zlib 1.2.7
-7-Zip
---------------------------------------
-
-1. Create working directory c:\work and drop directory c:\drop
-2. Sync SVN ModSecurity branch to c:\work\mod_security
-3. Copy files from c:\work\mod_security\iis\winbuild to c:\work
-4. Download and install cmake (unpack to c:\work\cmake-2.8.7-win32-x86)
-5. Download and install 7-Zip
-6. Adjust paths in c:\work\init.bat accordingly if needed
-7. Download curl, apache, libxml2, lua, pcre and zlib, place them in zip files in c:\work
-
-curl-7.24.0.zip
-httpd-2.2.22-win32-src.zip or (httpd-2.4.3.zip (source) and httpd-2.4.3-win32.zip + httpd-2.4.3-win64.zip (binaries))
-libxml2-2.7.7.zip
-lua-5.1.5.zip
-pcre-8.30.zip
-zlib-1.2.7.zip
-
-Modify c:\work\build.bat accordingly (if other versions were used)
-
-8. Open cmd.exe window, go to c:\work and run buildall.bat
-9. When done, the binaries, lib and pdb files should appear under c:\drop\x86 (32-bit) and c:\drop\amd64 (64-bit)
-10. Open the VS ModSecurity IIS installer project
-11. Copy new binaries to the installer's x86 and amd64 directories
-12. Build installer from within VS
+The build process for ModSecurityIIS for Windows was a relatively complicated process. Understanding it required advanced knowledge of Windows and Unix environments.
+So the build process was refactored to make it easier for users to create their own builds with the automated batch scripts.
+
+* build_release.bat -> The main build script that calls all the others to have a working release
+* build_msi.bat -> Creates the MSI self-installer for easy deploy / removal / distribution
+
+* build_dependencies.bat -> Sets (and downloads if needed) all required dependencies
+* build_modsecurity.bat -> Builds ModSecurity (requires all depenedencies being set)
+
+* download_files.bat -> Downloads all required dependencies to the default Downloads folder
+** This script is disabled by default. If you want to enable it, uncomment the "@call download_files.bat" line on build_dependencies.bat
+
+The dependencies folder also includes a set o batch scripts which sets each dependency
+on its own. These scripts are called by the build_dependencies.bat script.
+
+Using the same versions of libraries as listed below is  recommended.
+--------------------------------------
+Compilation Prerequisites:
+
+* Windows 7 x86_x64 (Should work on newer versions of Windows too)
+* Vistual Studio 2013 Express (Other versions should work, but you need to set the correct path for vcvars.bat scripts)
+* IIS enabled/installed
+* 7-Zip
+
+--------------------------------------
+
+The latest versions of ModSecurity dependencies known to work well are the following:
+
+cmake-3.8.2-win32-x86
+pcre-8.40 (patch required and included on file "patch-pcre-8.40.vbs")
+zlib-1.2.11
+libxml2-2.9.4
+lua-5.3.4
+curl-7.54.1
+httpd-2.4.26 (bin-VC11)
+yajl-2.1.0
+ssdeep-2.13
+
+--------------------------------------
+
+1. Create working directory (e.g. c:\work) and drop the latest clone from ModSecurity's 2.x Github (https://github.com/SpiderLabs/ModSecurity/archive/v2/master.zip)
+2. Make sure the prerequisites mentioned above are all set
+3. If you haven't download the dependency files before, uncomment the "@call download_files.bat" line on build_dependencies.bat to have them downloaded prior
+4. Open a command prompt (cmd.exe) and head to the "iis" folder inside ModSecurity tree working directory (e.g. cd c:\work\ModSecurity\iis)
+5. If you need to modify anything (e.g. paths, versions etc), carefully edit the batch files.
+6. Run build_release.bat
+7. When done, the binaries, lib and pdb files should appear under c:\work\ModSecurity\iis\release\x86 (32-bit) and c:\work\ModSecurity\iis\release\amd64 (64-bit)
+* At this point, if you had a previous installation of ModSecurity and would like to test you can place the x86 files to "C:\Windows\SysWOW64\inetsrv" and x64 files to "C:\Windows\System32\inetsrv" 
+
+8. If all went well, you can build the MSI installer by running the build_msi.bat script.
+
+* The built installable package places the files to the correct folders, automatically configures the ModSecurity IIS native module and configures web.config to enable ModSecurity for all IIS sites.
diff --git a/iis/dependencies/patch-pcre-8.40.vbs b/iis/dependencies/patch-pcre-8.40.vbs
@@ -0,0 +1,33 @@
+'Dirty patch for compiling PCRE 8.40 on Windows as per:https://vcs.pcre.org/pcre/code/trunk/CMakeLists.txt?r1=1659&r2=1677&view=patch
+
+
+Set oShell = CreateObject( "WScript.Shell" )
+workdir=oShell.ExpandEnvironmentStrings("%WORK_DIR%")
+
+
+strFile = workdir & "\pcre\CMakeLists.txt"
+strFileTmp = workdir & "\pcre\CMakeLists-patched.txt"
+
+'strFile = "c:\Users\vhora\Downloads\CMakeLists.txt"
+'strFileTmp = "c:\Users\vhora\Downloads\CMakeLists-patched.txt"
+
+Dim fso
+Set fso = WScript.CreateObject("Scripting.Filesystemobject")
+Set f = fso.CreateTextFile(strFileTmp, 2)
+Set objFS = CreateObject("Scripting.FileSystemObject")
+Set objFile = objFS.OpenTextFile(strFile)
+
+Do Until objFile.AtEndOfStream
+    strLine = objFile.ReadLine
+    If InStr(strLine,"OPTION(PCRE_STATIC_RUNTIME OFF CACHE BOOL")> 0 Then
+        strLine = Replace(strLine,"OPTION(PCRE_STATIC_RUNTIME OFF CACHE BOOL","OPTION(PCRE_STATIC_RUNTIME")
+    End If 
+    f.WriteLine strLine
+Loop
+
+f.Close
+
+
+objFile.Close
+objFS.DeleteFile(strFile)
+objFS.MoveFile strFileTmp, strFile
diff --git a/iis/download_files.bat b/iis/download_files.bat
@@ -0,0 +1,41 @@
+
+::@set CMAKE=cmake-3.8.2-win32-x86.zip
+::@set PCRE=pcre-8.40.zip
+::@set ZLIB=zlib-1.2.11.tar.gz
+::@set LIBXML2=libxml2-2.9.4.tar.gz
+::@set LUA=lua-5.3.4.tar.gz
+::@set CURL=curl-7.54.1.zip
+::@set APACHE_SRC=httpd-2.4.26.tar.gz
+::@set APACHE_BIN32=httpd-2.4.26-win32-VC11.zip
+::@set APACHE_BIN64=httpd-2.4.26-win64-VC11.zip
+::@set YAJL=yajl-2.1.0.zip
+::@set SSDEEP=ssdeep-2.13.tar.gz
+::@set SSDEEP_BIN=ssdeep-2.13.zip
+
+:: BITSAdmin refuses to download YAJL from GitHub URL
+:: @set YAJL_URL=https://github.com/lloyd/yajl/archive/%YAJL:~-9%
+@set YAJL_URL=http://http.debian.net/debian/pool/main/y/yajl/yajl_2.1.0.orig.tar.gz
+
+@set CMAKE_URL=https://cmake.org/files/v3.8/%CMAKE%  
+@set PCRE_URL=https://ftp.pcre.org/pub/pcre/%PCRE% 
+@set ZLIB_URL=https://zlib.net/%ZLIB%
+@set LIBXML2_URL=http://xmlsoft.org/sources/%LIBXML2% 
+@set LUA_URL=https://www.lua.org/ftp/%LUA% 
+@set CURL_URL=http://curl.askapache.com/download/%CURL% 
+@set APACHE_SRC_URL=https://www.apache.org/dist/httpd/%APACHE_SRC%
+@set APACHE_BIN_URL=https://www.apachelounge.com/download/VC11/binaries
+@set SSDEEP_URL=https://downloads.sourceforge.net/project/ssdeep/ssdeep-2.13
+
+bitsadmin.exe /transfer "Downloading dependencies..." %CMAKE_URL% %SOURCE_DIR%\%CMAKE% %PCRE_URL% %SOURCE_DIR%\%PCRE% %ZLIB_URL% %SOURCE_DIR%\%ZLIB% %LIBXML2_URL% %SOURCE_DIR%\%LIBXML2% %LUA_URL% %SOURCE_DIR%\%LUA% %CURL_URL% %SOURCE_DIR%\%CURL% %APACHE_SRC_URL% %SOURCE_DIR%\%APACHE_SRC% %APACHE_BIN_URL%/%APACHE_BIN32% %SOURCE_DIR%\%APACHE_BIN32% %APACHE_BIN_URL%/%APACHE_BIN64% %SOURCE_DIR%\%APACHE_BIN64% %YAJL_URL% %SOURCE_DIR%\%YAJL% %SSDEEP_URL%/%SSDEEP% %SOURCE_DIR%\%SSDEEP% %SSDEEP_URL%/%SSDEEP_BIN% %SOURCE_DIR%\%SSDEEP_BIN%
+
+
+@if NOT (%ERRORLEVEL%) == (0) goto :failed_to_download
+@exit /B 0
+
+:failed_to_download
+@echo. && echo Failed to download dependency files... Try again or manually download the files to %SOURCE_DIR% and comment "@call download_files.bat" from build_dependencies.bat
+@goto failed
+
+:failed
+@exit /B 1
+