I am trying to install ModSecurity in Windows to help protect my Coldfusion/Railo websites. I downloaded the MSI and installed it but it does not seem to block SQL injection when I tested to make sure it was working.
My question is, does anybody know of a step-by-step way of installing it in Windows? I cannot find much information with details but have found numerous sources on how to install it in Linux.
I even looked at the ModSecurity Handbook by Ivan Ristic under the Windows installation page and it does not give very much detail.
Thanks in advance.
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
It's relatively easy to see if you are running mod_security on a WHM server. If ModSecurity is installed, you'll see Mod Security listed under your plugins.
ModSecurity, sometimes called Modsec, is an open-source web application firewall (WAF).
You need to enable ModSecurity in your web.config
file by adding the following configuration element to the <system.webServer>
section:
<ModSecurity enabled="true"
configFile="c:\inetpub\wwwroot\owasp_crs\modsecurity_iis.conf" />
Also, out of the box, the rule engine only runs in "detection mode" (and still logs problem requests to the Application event log) so as not to disrupt your live sites with false positives.
To allow ModSecurity to take action such as blocking, denying etc you need to change the SecRuleEngine
directive from:
SecRuleEngine DetectionOnly
to
SecRuleEngine On
You can find this setting in:
C:\inetpub\wwwroot\owasp_crs\modsecurity.conf
Before you can edit this file you need to remove the read-only attribute. You'll also need to run your editor as Administrator as well.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With