Re: [Owasp-modsecurity-core-rule-set] Question: ModSecurity 2.9.x, IIS 8 in block mode

Fri, 08 May 2015 10:52:40 -0700 

After testing ModSecurity 2.9 with IIS 8 on server 2k12, I can confirm that it 
does work with the block directive. The following base configuration resulted 
in a 403 page when triggered using the following base configuration:

SecRule On
SecDefaultAction "phase:2,deny,status:403,log"
SecRule ARGS:test "@rx test" "id:1,block,msg:'test mesg'"

Chaim Sanders
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com<http://www.trustwave.com/>

From: <Belden>, Marion M 
<marion.m.bel...@boeing.com<mailto:marion.m.bel...@boeing.com>>
Date: Saturday, May 2, 2015 at 1:11 PM
To: 
"owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>"
 
<owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>>
Subject: [Owasp-modsecurity-core-rule-set] Question: ModSecurity 2.9.x, IIS 8 
in block mode

Will ModSecurity 2.9.x run in block mode if using IIS 8, Server 2012? Or is an 
Apache proxy required?

Thank you,
Marion


________________________________

This transmission may contain information that is privileged, confidential, 
and/or exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, copying, distribution, 
or use of the information contained herein (including any reliance thereon) is 
strictly prohibited. If you received this transmission in error, please 
immediately contact the sender and destroy the material in its entirety, 
whether in electronic or hard copy format.

________________________________

This transmission may contain information that is privileged, confidential, 
and/or exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, copying, distribution, 
or use of the information contained herein (including any reliance thereon) is 
strictly prohibited. If you received this transmission in error, please 
immediately contact the sender and destroy the material in its entirety, 
whether in electronic or hard copy format.

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to