Mod Security for Windows and ASL Ruleset

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
Post Reply
hostingguy
Forum Regular
Forum Regular
Posts: 661
Joined: Mon Oct 29, 2007 6:51 pm

Mod Security for Windows and ASL Ruleset

Unread post by hostingguy »

Hi guys,

I'm investigating an option to potentially install Mod_Security on IIS using the following
https://github.com/SpiderLabs/ModSecuri ... rosoft-iis


I was curious if in doing so, it would allow us to use your real time rules - do you think this would be OK to do, or would you see any issues or hidden "gotchas"?
Top
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4155
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Mod Security for Windows and ASL Ruleset

Unread post by mikeshinn »

Thank you for the question. Just use the rules from the experimental directory. IIS doesnt support LocationMatch so the experimental rules contain a different way of tuning the rules on non-Apache platforms. They really arent experimental, and those rules will replace the standard rules once we get some more feedback from people using them (so then there will just be one set of rules for all platforms).

Right now the only web servers that support LocationMatch are apache and Litespeed. nginx and IIS dont support it, so we've re-written all the rules to use a different method that nginx and IIS support. So far no ones reported any issues, so as I said the mid term plan is to make the "experimental" rules the rules for all platforms.

Please open a case with support if you have any issues with the experimental rules, we're eager to get feedback on them and work with anyone using them to make sure they work perfectly.
Top
hostingguy
Forum Regular
Forum Regular
Posts: 661
Joined: Mon Oct 29, 2007 6:51 pm

Re: Mod Security for Windows and ASL Ruleset

Unread post by hostingguy »

Hi Mike,

Thanks for the reply, that is definitely encouraging!
Do you have any documentation on where to find the rule set, how to import it, and how to keep it up to date in a similar fashion to the linux side, or is this all things that we would need to discover and build on our end?

I've looked through a few of the FAQs you have and I didnt see anything outlining either of those.
Could you point me in the right direction?

Thanks!
Top
hostingguy
Forum Regular
Forum Regular
Posts: 661
Joined: Mon Oct 29, 2007 6:51 pm

Re: Mod Security for Windows and ASL Ruleset

Unread post by hostingguy »

Just following up, do you have any documentation on this type of thing you can point me to?

Would using this be what I would need?
https://atomicorp.com/wiki/index.php/At ... stallation
https://atomicorp.com/wiki/index.php/Do ... elf_Method
Top
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4155
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Mod Security for Windows and ASL Ruleset

Unread post by mikeshinn »

The only change is to change the download path, just make sure you are using the experimental directory. Otherwise, its the exact same rule files.

As for installing the windows modsec module, we dont currently provide that Microsoft does. You'll want to look at their official docs on installing modsecurity in IIS.
Top
Post Reply

Return to “Atomic Protector (formerly ASL)”