fix: address Copilot review feedback on Windows build

- Fix "installion" typo in Makefile.win usage comments
- Fix "mlocg.exe" typo in README_WINDOWS.md
- Fix SecAuditLogRelevantStatus regex to use negative lookahead
- Check PCRE2 archive existence in build_pcre.bat instead of Apache
- Wire up WITH_PCRE_JIT option in iis/CMakeLists.txt
- Quote %log_file% paths in list_dependencies.bat for spaces
- Use explicit PowerShell path via [SystemFolder] in installer.wxs
- Change CreateModSecurityDirs to Return="check" to surface errors
- Restore Action="createAndRemoveOnUninstall" on RegistryKey
- Only print verbose MSI log on installation failure in CI

Author: fzipi

.github/workflows/test-ci-windows.yml

@@ -257,17 +257,20 @@ jobs:
           $logSize = (Get-Item $installLog).Length
           Write-Host "Install log created: $installLog ($logSize bytes)"
 
-          Write-Host "`n=== Installation Log Contents ==="
-          if ($logSize -gt 0) {
-            Get-Content $installLog -Raw | Write-Host
-          } else {
-            Write-Host "WARNING: Log file is empty!"
-          }
         } else {
           Write-Host "WARNING: Install log was not created at $installLog"
         }
 
         if ($installResult.ExitCode -ne 0) {
+          Write-Host "`n=== Full Installation Log (installation failed) ==="
+          if (Test-Path $installLog) {
+            $logSize = (Get-Item $installLog).Length
+            if ($logSize -gt 0) {
+              Get-Content $installLog -Raw | Write-Host
+            } else {
+              Write-Host "WARNING: Log file is empty!"
+            }
+          }
           Write-Host "`n=== Installation Failed ==="
           Write-Host "Exit code: $($installResult.ExitCode)"
           Write-Host "Common MSI error codes:"

README_WINDOWS.md

@@ -142,7 +142,7 @@ Add configuration directives to your Apache conf\httpd.conf:
         Include conf/owasp_crs/crs-setup.conf
         Include conf/owasp_crs/rules/*.conf
         SecAuditEngine RelevantOnly
-        SecAuditLogRelevantStatus "^(?:5|4\d[^4])"
+        SecAuditLogRelevantStatus "^(?:5|4(?!04))"
         SecAuditLogType Serial
         SecAuditLogParts ABCDEFGHZ
         SecAuditLog logs/modsecurity.log
@@ -171,7 +171,7 @@ Build the ``mlogc.exe`` program:
         CD  C:\work\mod_security_trunk\mlogc
         NMAKE -f Makefile.win
 
-Copy ``mlocg.exe`` to ``C:\Apache2466\bin\``
+Copy ``mlogc.exe`` to ``C:\Apache2466\bin\``
 
 Create a new command file ``C:\Apache2466\bin\mlogc.bat`` with one line:
 

apache2/Makefile.win

@@ -1,6 +1,6 @@
 ###########################################################################
 #
-# Usage:   NMAKE -f Makefile.win APACHE={httpd installion dir}  PCRE={pcre2 dir} LIBXML2={LibXML2 dir} [   LUA={Lua dir} ]
+# Usage:   NMAKE -f Makefile.win APACHE={httpd installation dir}  PCRE={pcre2 dir} LIBXML2={LibXML2 dir} [   LUA={Lua dir} ]
 # Note: ModSecurity v2 uses PCRE2 by default (not legacy PCRE). Set PCRE to your pcre2 build directory.
 #
 !IF "$(APACHE)" == "" || "$(PCRE)" == "" || "$(LIBXML2)" == "" || "$(CURL)" == ""

iis/CMakeLists.txt

@@ -166,6 +166,11 @@ target_compile_definitions(${IIS_MODULE_NAME} PRIVATE
     ${MODSECURITY_VERSION_FLAG}
 )
 
+option(WITH_PCRE_JIT "Enable PCRE2 JIT support" OFF)
+if(WITH_PCRE_JIT)
+    target_compile_definitions(${IIS_MODULE_NAME} PRIVATE WITH_PCRE_JIT)
+endif()
+
 option(WITH_LUA "Enable Lua support" OFF)
 if(WITH_LUA)
     find_package(Lua CONFIG REQUIRED)

iis/Makefile.win

@@ -1,6 +1,6 @@
 ###########################################################################
 #
-# Usage:   NMAKE -f Makefile.win APACHE={httpd installion dir}  PCRE={pcre2 dir} LIBXML2={LibXML2 dir} [   LUA={Lua dir} ]
+# Usage:   NMAKE -f Makefile.win APACHE={httpd installation dir}  PCRE={pcre2 dir} LIBXML2={LibXML2 dir} [   LUA={Lua dir} ]
 # Note: ModSecurity v2 uses PCRE2 by default (not legacy PCRE). Set PCRE to your pcre2 build directory.
 #
 !IF "$(APACHE)" == "" || "$(PCRE)" == "" || "$(LIBXML2)" == "" || "$(CURL)" == ""

iis/dependencies/build_pcre.bat

@@ -2,7 +2,7 @@
 
 cd "%WORK_DIR%"
 
-@if NOT EXIST "%SOURCE_DIR%\%APACHE_BIN%" goto file_not_found_bin
+@if NOT EXIST "%SOURCE_DIR%\%PCRE%" goto file_not_found_bin
 
 7z.exe x "%SOURCE_DIR%\%PCRE%"
 set PCRE_DIR=%PCRE:~0,-4%

iis/installer.wxs

@@ -201,7 +201,7 @@
                 <util:XmlConfig Id="appHostEntryAllowDefinition" File="$(var.ConfigFile)" ElementPath="appHostEntry" Name="allowDefinition" Value="Everywhere" Sequence="4" />
                 <util:XmlConfig Id="removeAppHostEntry" File="$(var.ConfigFile)" Action="delete" ElementPath="/configuration/configSections/sectionGroup[\[]@name='system.webServer'[\]]" Node="element" VerifyPath="section[\[]@name='ModSecurity'[\]]" On="uninstall" Sequence="1" />
                 <util:XmlConfig Id="removeAppHostEntry2" File="$(var.ConfigFile)" Action="delete" ElementPath="/configuration/system.webServer" Node="element" VerifyPath="/configuration/system.webServer/ModSecurity" Name="section" On="uninstall" Sequence="2" />
-                <RegistryKey Root="HKLM" Key="SOFTWARE\ModSecurity\ModSecurity">
+                <RegistryKey Root="HKLM" Key="SOFTWARE\ModSecurity\ModSecurity" Action="createAndRemoveOnUninstall">
                     <RegistryValue Type="string" Name="ModSecurityConfigureIIS" Value="[IIS_SETUP]" KeyPath="yes" />
                 </RegistryKey>
             </Component>
@@ -412,7 +412,7 @@
         <CustomAction Id="Cleanup5" Execute="deferred" Impersonate="no" Return="ignore" Directory="INSTALLFOLDER" ExeCommand="&quot;[SystemFolder]inetsrv\appcmd.exe&quot; uninstall module /module.name:&quot;ModSecurityIIS&quot;" />
         <?endif?>
         <!-- Create required directories for ModSecurity with proper permissions for IIS -->
-        <CustomAction Id="CreateModSecurityDirs" Execute="deferred" Impersonate="no" Return="ignore" Directory="INSTALLFOLDER" ExeCommand="powershell.exe -NoProfile -ExecutionPolicy Bypass -Command &quot;New-Item -ItemType Directory -Path 'c:\inetpub\temp', 'c:\inetpub\logs' -Force | Out-Null; icacls 'c:\inetpub\temp' /grant 'IIS_IUSRS:(OI)(CI)M' /T /Q | Out-Null; icacls 'c:\inetpub\logs' /grant 'IIS_IUSRS:(OI)(CI)M' /T /Q | Out-Null&quot;" />
+        <CustomAction Id="CreateModSecurityDirs" Execute="deferred" Impersonate="no" Return="check" Directory="INSTALLFOLDER" ExeCommand="&quot;[SystemFolder]WindowsPowerShell\v1.0\powershell.exe&quot; -NoProfile -ExecutionPolicy Bypass -Command &quot;New-Item -ItemType Directory -Path 'c:\inetpub\temp', 'c:\inetpub\logs' -Force | Out-Null; icacls 'c:\inetpub\temp' /grant 'IIS_IUSRS:(OI)(CI)M' /T /Q | Out-Null; icacls 'c:\inetpub\logs' /grant 'IIS_IUSRS:(OI)(CI)M' /T /Q | Out-Null&quot;" />
         <?if $(var.Win64) = "yes" ?>
         <CustomAction Id="InstallModule32" Execute="deferred" Impersonate="no" Return="check" Directory="INSTALLFOLDER" ExeCommand="&quot;[System64Folder]inetsrv\appcmd.exe&quot; install module /name:&quot;ModSecurity IIS (64bits)&quot; /image:&quot;%SystemRoot%\System32\inetsrv\ModSecurityIIS.dll&quot; /preCondition:&quot;bitness64&quot;" />
         <CustomAction Id="InstallModule64" Execute="deferred" Impersonate="no" Return="check" Directory="INSTALLFOLDER" ExeCommand="&quot;[System64Folder]inetsrv\appcmd.exe&quot; install module /name:&quot;ModSecurity IIS (32bits)&quot; /image:&quot;%SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll&quot; /preCondition:&quot;bitness32&quot;" />

iis/wix/list_dependencies.bat

@@ -71,15 +71,15 @@ if %errorlevel% equ 0 (
     echo [MISSING] Visual C++ 2019 Redistributable (x86) is NOT installed >> "%log_file%"
     echo          Download from: https://aka.ms/vs/17/release/vc_redist.x86.exe >> "%log_file%"
 )
-echo. >> %log_file%
+echo. >> "%log_file%"
 
 REM Updated paths to include Visual Studio 2019 and 2022
 set POSSIBLE_PATHS_X86="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\*\bin\Hostx86\x86\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\dumpbin.exe"
 set POSSIBLE_PATHS_X64="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\*\bin\Hostx64\x64\dumpbin.exe" "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\dumpbin.exe"
 
 for %%i in (%POSSIBLE_PATHS_X86%) do (
 	echo Checking for dumpbin x86... %%i
-	echo Checking for dumpbin x86... %%i >> %log_file% 
+	echo Checking for dumpbin x86... %%i >> "%log_file%"
 	if exist %%i (
 		SET DUMPBIN_X86=%%i
 		goto found_x86
@@ -89,87 +89,87 @@ for %%i in (%POSSIBLE_PATHS_X86%) do (
 
 for %%i in (%POSSIBLE_PATHS_X64%) do (
 	echo Checking for dumpbin x64... %%i
-	echo Checking for dumpbin x64... %%i >> %log_file% 
+	echo Checking for dumpbin x64... %%i >> "%log_file%"
 	if exist %%i (
 		SET DUMPBIN_X64=%%i
 		goto found_x64
 	)
 )
 :found_x64
 
-echo ================================================ >> %log_file%
-echo ModSecurity IIS Dependency Analysis >> %log_file%
-echo ================================================ >> %log_file%
-echo. >> %log_file%
+echo ================================================ >> "%log_file%"
+echo ModSecurity IIS Dependency Analysis >> "%log_file%"
+echo ================================================ >> "%log_file%"
+echo. >> "%log_file%"
 
 REM Check ModSecurity DLL locations
-echo Checking ModSecurity DLL locations... >> %log_file%
+echo Checking ModSecurity DLL locations... >> "%log_file%"
 if exist "%SystemRoot%\System32\inetsrv\ModSecurityIIS.dll" (
-    echo [FOUND] %SystemRoot%\System32\inetsrv\ModSecurityIIS.dll >> %log_file%
+    echo [FOUND] %SystemRoot%\System32\inetsrv\ModSecurityIIS.dll >> "%log_file%"
 ) else (
-    echo [MISSING] %SystemRoot%\System32\inetsrv\ModSecurityIIS.dll >> %log_file%
+    echo [MISSING] %SystemRoot%\System32\inetsrv\ModSecurityIIS.dll >> "%log_file%"
 )
 
 if exist "%SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll" (
-    echo [FOUND] %SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll >> %log_file%
+    echo [FOUND] %SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll >> "%log_file%"
 ) else (
-    echo [MISSING] %SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll >> %log_file%
+    echo [MISSING] %SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll >> "%log_file%"
 )
-echo. >> %log_file%
+echo. >> "%log_file%"
 
 if "%DUMPBIN_X86:~1,-1%" == "" (
 	echo Dumpbin x86 not found.
-	echo Dumpbin x86 not found. >> %log_file%
-	echo NOTE: Install Visual Studio 2019/2022 with C++ tools to use dumpbin. >> %log_file%
+	echo Dumpbin x86 not found. >> "%log_file%"
+	echo NOTE: Install Visual Studio 2019/2022 with C++ tools to use dumpbin. >> "%log_file%"
 ) else (
 	echo Using dumpbin x86: %DUMPBIN_X86%
-	echo Using dumpbin x86: %DUMPBIN_X86% >> %log_file%
-	echo. >> %log_file%
+	echo Using dumpbin x86: %DUMPBIN_X86% >> "%log_file%"
+	echo. >> "%log_file%"
 	if exist "%SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll" (
-		echo ================================================ >> %log_file%
-		echo 32-bit ModSecurityIIS.dll dependencies: >> %log_file%
-		echo ================================================ >> %log_file%
-		%DUMPBIN_X86% /imports /dependents "%SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll" >> %log_file% 2>&1
+		echo ================================================ >> "%log_file%"
+		echo 32-bit ModSecurityIIS.dll dependencies: >> "%log_file%"
+		echo ================================================ >> "%log_file%"
+		%DUMPBIN_X86% /imports /dependents "%SystemRoot%\SysWOW64\inetsrv\ModSecurityIIS.dll" >> "%log_file%" 2>&1
 	)
 	if not "%*" == "" (
-		echo. >> %log_file%
-		echo ================================================ >> %log_file%
-		echo Additional files specified: >> %log_file%
-		echo ================================================ >> %log_file%
-		%DUMPBIN_X86% /imports /dependents %* >> %log_file% 2>&1
+		echo. >> "%log_file%"
+		echo ================================================ >> "%log_file%"
+		echo Additional files specified: >> "%log_file%"
+		echo ================================================ >> "%log_file%"
+		%DUMPBIN_X86% /imports /dependents %* >> "%log_file%" 2>&1
 	)
 )
 
-echo. >> %log_file%
+echo. >> "%log_file%"
 
 if "%DUMPBIN_X64:~1,-1%" == "" (
 	echo Dumpbin x64 not found.
-	echo Dumpbin x64 not found. >> %log_file%
-	echo NOTE: Install Visual Studio 2019/2022 with C++ tools to use dumpbin. >> %log_file%
+	echo Dumpbin x64 not found. >> "%log_file%"
+	echo NOTE: Install Visual Studio 2019/2022 with C++ tools to use dumpbin. >> "%log_file%"
 ) else (
 	echo Using dumpbin x64: %DUMPBIN_X64%
-	echo Using dumpbin x64: %DUMPBIN_X64% >> %log_file%
-	echo. >> %log_file%
+	echo Using dumpbin x64: %DUMPBIN_X64% >> "%log_file%"
+	echo. >> "%log_file%"
 	if exist "%SystemRoot%\System32\inetsrv\ModSecurityIIS.dll" (
-		echo ================================================ >> %log_file%
-		echo 64-bit ModSecurityIIS.dll dependencies: >> %log_file%
-		echo ================================================ >> %log_file%
-		%DUMPBIN_X64% /imports /dependents "%SystemRoot%\System32\inetsrv\ModSecurityIIS.dll" >> %log_file% 2>&1
+		echo ================================================ >> "%log_file%"
+		echo 64-bit ModSecurityIIS.dll dependencies: >> "%log_file%"
+		echo ================================================ >> "%log_file%"
+		%DUMPBIN_X64% /imports /dependents "%SystemRoot%\System32\inetsrv\ModSecurityIIS.dll" >> "%log_file%" 2>&1
 	)
 	if not "%*" == "" (
-		echo. >> %log_file%
-		echo ================================================ >> %log_file%
-		echo Additional files specified: >> %log_file%
-		echo ================================================ >> %log_file%
-		%DUMPBIN_X64% /imports /dependents %* >> %log_file% 2>&1
+		echo. >> "%log_file%"
+		echo ================================================ >> "%log_file%"
+		echo Additional files specified: >> "%log_file%"
+		echo ================================================ >> "%log_file%"
+		%DUMPBIN_X64% /imports /dependents %* >> "%log_file%" 2>&1
 	)
 )
 
 goto exit
 
 :exit
-echo Logs were saved at: %log_file%.
+echo Logs were saved at: "%log_file%".
 echo Trying to open it with explorer...
-explorer %log_file%
+explorer "%log_file%"
 echo Done.
 pause