OK. I confirmed that .NET is installed from:

http://www.microsoft.com/en-us/download/details.aspx?id=17851

...added this web.config file:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>

  </system.web>
  <system.webServer>
    <ModSecurity enabled="true"
                 configFile="C:\inetpub\wwwroot\owasp_crs\modsecurity_iis.conf" />
  </system.webServer>
</configuration>

...and then tried the original hack attempt. Ended up looking at a "normal" page,
not a "denied" message. Any ideas as to what to try next?


On Tue, Jun 25, 2013 at 4:39 PM, Dave Watts <[email protected]> wrote:

>
> > Thanks. It looks like that relies on edits to:
> >
> > \IIS webroot\web.config
> >
> > With IIS 6 and ACF (no .NET), I do not even have that file present. Do you
> > know: do I just add it as a blank text file and then start throwing
> > ModSecurity stuff into it?
>
> The web.config file is XML, not plaintext. And I believe you have to
> have .NET installed at least, even if you're not using it. But once
> you've installed .NET, you can create your own web.config files.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
>
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite.
>
> 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356083