Problem

I am trying to install ModSecurity in Windows to help protect my ColdFusion/Railo websites. I downloaded the MSI and installed it, but it does not seem to block SQL injection when I tested to make sure it was working.

My question is, does anybody know of a step-by-step way of installing it in Windows? I cannot find much information with details but have found numerous sources on how to install it in Linux.

I even looked at the ModSecurity Handbook by Ivan Ristic under the Windows installation page and it does not give very much detail.

Thanks in advance.

Solution

You need to enable ModSecurity in your web.config file by adding the following configuration element to the <system.webServer> section:

<ModSecurity enabled="true" 
             configFile="c:\inetpub\wwwroot\owasp_crs\modsecurity_iis.conf" />

Also, out of the box, the rule engine only runs in "detection mode" (and still logs problem requests to the Application event log) so as not to disrupt your live sites with false positives.

To allow ModSecurity to take action such as blocking, denying, etc., you need to change the SecRuleEngine directive from:

SecRuleEngine DetectionOnly

to

SecRuleEngine On

You can find this setting in:

C:\inetpub\wwwroot\owasp_crs\modsecurity.conf

Before you can edit this file you need to remove the read-only attribute. You'll also need to run your editor as Administrator.
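
The steps in this answer as a PowerShell script; this is an added example, not part of the original answer. It uses the two paths quoted above and assumes the site's web.config is at C:\inetpub\wwwroot\web.config, and it keeps a .bak copy of the rules file (also an assumption) so the change can be rolled back.

```powershell
# Added example. $conf is the path quoted in the answer; $webConfig is an assumed location.
$conf      = 'C:\inetpub\wwwroot\owasp_crs\modsecurity.conf'
$webConfig = 'C:\inetpub\wwwroot\web.config'

# Files under C:\inetpub can only be changed from an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

# Keep a copy so blocking mode can be reverted if false positives appear.
Copy-Item -LiteralPath $conf -Destination "$conf.bak" -Force

# Clear the read-only attribute that prevents saving the file.
Set-ItemProperty -LiteralPath $conf -Name IsReadOnly -Value $false

# Change only active (uncommented) directives; commented lines start with '#'
# and do not match the anchored pattern.
$lines = Get-Content -LiteralPath $conf
$lines = $lines -replace '^(\s*SecRuleEngine\s+)DetectionOnly\s*$', '${1}On'
Set-Content -LiteralPath $conf -Value $lines

# Report every active SecRuleEngine directive now present in the file.
Select-String -LiteralPath $conf -Pattern '^\s*SecRuleEngine\s+(\S+)' |
    ForEach-Object {
        'line {0}: SecRuleEngine {1}' -f $_.LineNumber, $_.Matches[0].Groups[1].Value
    }

# Confirm the module is switched on for the site in web.config.
[xml]$xml = Get-Content -LiteralPath $webConfig -Raw
$node = $xml.SelectSingleNode('/configuration/system.webServer/ModSecurity')
if ($null -eq $node) {
    Write-Warning "No <ModSecurity> element under <system.webServer> in $webConfig"
} elseif ($node.enabled -ne 'true') {
    Write-Warning "ModSecurity element found but enabled='$($node.enabled)'"
} else {
    "ModSecurity enabled, configFile=$($node.configFile)"
}
```

If the report still shows DetectionOnly on any line, the engine will keep logging to the Application event log without blocking.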

License: CC-BY-SA with attribution
Not affiliated with StackOverflow