5

I am trying to install ModSecurity in Windows to help protect my ColdFusion/Railo websites. I downloaded the MSI and installed it, but it does not seem to block SQL injection when I tested to make sure it was working.

My question is, does anybody know of a step-by-step way of installing it in Windows? I cannot find much information with details but have found numerous sources on how to install it in Linux.

I even looked at the ModSecurity Handbook by Ivan Ristic under the Windows installation page and it does not give very much detail.

Thanks in advance.

user1709730
  • This isn't a code-related question, so should probably be on Super User (http://superuser.com/about) – Adam Cameron Aug 29 '13 at 08:25
  • @AdamCameron - this is more like a server config question. SuperUser would be the wrong place for this. – Kev Aug 29 '13 at 08:47
  • Yeah, maybe ServerFault (http://serverfault.com/about) would be a better match. Either way, the point is: not really appropriate for here? – Adam Cameron Aug 29 '13 at 12:42
  • Either ServerFault, or - since it's a security tool - maybe [itsecurity.se] would get better response? (Though if Kev's answer below is the solution then maybe this is moot.) – Peter Boughton Aug 29 '13 at 17:04
  • I apologize. I did not know the other websites existed until this message. This will not happen again. – user1709730 Aug 29 '13 at 18:15
  • Don't worry, it's not a big problem - just a matter of asking where you're most likely to find the right people to answer. There's a list of various other sites at the bottom of the page (just hit End key). :) – Peter Boughton Aug 29 '13 at 21:38

1 Answer

5

You need to enable ModSecurity in your web.config file by adding the following configuration element to the <system.webServer> section:

<ModSecurity enabled="true" 
             configFile="c:\inetpub\wwwroot\owasp_crs\modsecurity_iis.conf" />

Also, out of the box, the rule engine only runs in "detection mode" (and still logs problem requests to the Application event log) so as not to disrupt your live sites with false positives.

To allow ModSecurity to take action such as blocking, denying, etc., you need to change the SecRuleEngine directive from:

SecRuleEngine DetectionOnly

to

SecRuleEngine On

You can find this setting in:

C:\inetpub\wwwroot\owasp_crs\modsecurity.conf

Before you can edit this file you need to remove the read-only attribute. You'll also need to run your editor as Administrator as well.

Kev
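A way to check both settings from the answer above, as an added example that is not part of the original answer: it reads the `<ModSecurity>` element from web.config, then follows `Include` lines from the named `configFile` to find the `SecRuleEngine` value that ends up in effect. The sample files, and the assumption that `modsecurity_iis.conf` pulls in `modsecurity.conf` through an `Include`, are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches the two directives this check cares about; comment lines never match.
DIRECTIVE = re.compile(r'^\s*(SecRuleEngine|Include)\s+"?([^"#]+?)"?\s*$', re.I)

def web_config_state(web_config_xml):
    """Return (enabled, configFile) from <system.webServer>/<ModSecurity>."""
    for section in ET.fromstring(web_config_xml):
        if section.tag == "system.webServer":
            node = section.find("ModSecurity")
            if node is not None:
                return node.get("enabled", "").lower() == "true", node.get("configFile")
    return False, None

def effective_rule_engine(entry, files, seen=None):
    """Read entry and its Includes in order; a later SecRuleEngine replaces an earlier one."""
    seen = set() if seen is None else seen
    name = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name in seen or name not in files:  # include loop, wildcard, or file not supplied
        return None
    seen.add(name)
    mode = None
    for line in files[name].splitlines():
        m = DIRECTIVE.match(line)
        if m and m.group(1).lower() == "include":
            mode = effective_rule_engine(m.group(2), files, seen) or mode
        elif m:
            mode = m.group(2)
    return mode

def blocking_active(web_config_xml, files):
    """Return (ok, reason): ok is True only when requests can actually be blocked."""
    enabled, config_file = web_config_state(web_config_xml)
    if not enabled or not config_file:
        return False, "ModSecurity element missing or disabled in web.config"
    mode = effective_rule_engine(config_file, files)
    if (mode or "").lower() != "on":
        return False, "SecRuleEngine is %s" % (mode or "not set")
    return True, "SecRuleEngine is On"

# Constructed sample input (not copied from a real server).
WEB_CONFIG = r'''<configuration><system.webServer>
  <ModSecurity enabled="true" configFile="c:\inetpub\wwwroot\owasp_crs\modsecurity_iis.conf" />
</system.webServer></configuration>'''
FILES = {  # keyed by lower-case file name; the Include layout is an assumption
    "modsecurity_iis.conf": "Include modsecurity.conf\n",
    "modsecurity.conf": "# constructed sample\nSecRuleEngine DetectionOnly\n",
}

if __name__ == "__main__":
    print(blocking_active(WEB_CONFIG, FILES))
```

On a real server, build `files` by reading each `.conf` file in the rules directory into the dictionary under its lower-case file name.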