
Installing ModSecurity with OWASP for Windows

I am trying to install ModSecurity in Windows to help protect my ColdFusion/Railo websites. I downloaded the MSI and installed it, but it does not seem to block SQL injection when I tested to make sure it was working.

My question is, does anybody know of a step-by-step way of installing it in Windows? I cannot find much information with details but have found numerous sources on how to install it in Linux.

I even looked at the ModSecurity Handbook by Ivan Ristic under the Windows installation page and it does not give very much detail.

Thanks in advance.

user1709730 asked Aug 29 '13 06:08



1 Answer

You need to enable ModSecurity in your web.config file by adding the following configuration element to the <system.webServer> section:

<ModSecurity enabled="true" 
             configFile="c:\inetpub\wwwroot\owasp_crs\modsecurity_iis.conf" />

Also, out of the box, the rule engine only runs in "detection mode" (and still logs problem requests to the Application event log) so as not to disrupt your live sites with false positives.

To allow ModSecurity to take action such as blocking, denying, etc., you need to change the SecRuleEngine directive from:

SecRuleEngine DetectionOnly

to

SecRuleEngine On

You can find this setting in:

C:\inetpub\wwwroot\owasp_crs\modsecurity.conf

Before you can edit this file you need to remove the read-only attribute. You'll also need to run your editor as Administrator.

Kev answered Oct 03 '22 06:10
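
The steps from the answer above as a PowerShell script, added here as an example and not part of the original answer. The modsecurity.conf path is the one quoted in the answer; the web.config location is an assumption, since the answer does not give one.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original answer.
param(
    # Path quoted in the answer.
    [string]$ConfPath  = 'C:\inetpub\wwwroot\owasp_crs\modsecurity.conf',
    # Assumption: site root web.config; adjust to your own site.
    [string]$WebConfig = 'C:\inetpub\wwwroot\web.config'
)
$ErrorActionPreference = 'Stop'

# 1. Confirm the <ModSecurity> element is present and enabled in <system.webServer>.
[xml]$xml = Get-Content -LiteralPath $WebConfig -Raw
$node = $xml.SelectSingleNode('/configuration/system.webServer/ModSecurity')
if (-not $node -or $node.GetAttribute('enabled') -ne 'true') {
    throw "No enabled <ModSecurity> element in $WebConfig; add it before switching modes."
}
Write-Host "web.config points ModSecurity at: $($node.GetAttribute('configFile'))"

# 2. Clear the read-only attribute and keep a backup for rollback.
Set-ItemProperty -LiteralPath $ConfPath -Name IsReadOnly -Value $false
Copy-Item -LiteralPath $ConfPath -Destination "$ConfPath.bak" -Force

# 3. Switch only an active (uncommented) SecRuleEngine directive.
$lines   = Get-Content -LiteralPath $ConfPath
$pattern = '^(\s*SecRuleEngine\s+)DetectionOnly\s*$'
if (-not ($lines -match $pattern)) {
    Write-Warning "No active 'SecRuleEngine DetectionOnly' line found; file left unchanged."
    return
}
$lines -replace $pattern, '${1}On' | Set-Content -LiteralPath $ConfPath

# 4. List every active SecRuleEngine line so a later override is visible.
Select-String -LiteralPath $ConfPath -Pattern '^\s*SecRuleEngine\s+' |
    ForEach-Object { $_.Line.Trim() }
```

If blocking causes false positives, copying the `.bak` file back over modsecurity.conf returns the engine to detection mode.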