Hi, Steffen, I've been having a similar problem with my connection being 
aborted when I turn the engine on for a particular site. No audit messages, but 
I haven't had a chance to try turning on the debug log. Most frustrating is 
that I run this same site in development and staging and it works fine with 
blocking on - just not in production. The only difference between production 
and staging is that in production the site has its own dedicated instance of 
the application server (ColdFusion on Tomcat).

From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org 
[mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of 
Steffen Höhne
Sent: Wednesday, August 24, 2016 11:00 AM
To: 'owasp-modsecurity-core-rule-set@lists.owasp.org' 
<owasp-modsecurity-core-rule-set@lists.owasp.org>
Subject: [Owasp-modsecurity-core-rule-set] Windows IIS ModSecurity 2.9.1 
SecRuleEngine DetectionOnly

Hello guys

thank you for this great solution :)

Our system: Windows Server 2012 Standard x64 with IIS
ModSecurity 2.9.1 with the latest ruleset
SecRuleEngine: DetectionOnly
web.config: <ModSecurity enabled="true" configFile="C:\Program Files\ModSecurity IIS\modsecurity_iis.conf" />

Problem: We have a login screen at our nopCommerce webshop - with ModSecurity 
enabled and DetectionOnly it isn't possible to log in.
There is no warning log in the Windows Event Viewer. The login just redirects 
back to the login page.

If I turn SecRuleEngine Off and recycle the apppool and try again ... tatatata 
it works :)

Login URL is: http://admin.domain.tld/login?ReturnUrl=%2fadmin

I think "SecRuleEngine DetectionOnly" shouldn't block - just write an event.

Do you have any solution for me?

Thank you


Freundliche Grüsse
Steffen Höhne
System Engineer
--------------------------------------------------------------------------------------------------------------
JMC Software AG * Riedstrasse 1 * 6343 Rotkreuz * Switzerland
Phone: +41 41 799 02 12
Internet: http://www.jmc-software.ch * Email: s...@jmc-software.ch
--------------------------------------------------------------------------------------------------------------

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set