Atomicorp

Security for Everyone
https://forums.atomicorp.com/

Mod Security for Windows and ASL Ruleset

https://forums.atomicorp.com/viewtopic.php?t=7615

Page 1 of 1

Mod Security for Windows and ASL Ruleset

Posted: Fri Apr 25, 2014 2:16 pm
by hostingguy
Hi guys,

I'm investigating an option to potentially install Mod_Security on IIS using the following
https://github.com/SpiderLabs/ModSecuri ... rosoft-iis


I was curious if in doing so, it would allow us to use your real time rules - do you think this would be OK to do, or would you see any issues or hidden "gotchas"?

Re: Mod Security for Windows and ASL Ruleset

Posted: Fri Apr 25, 2014 6:31 pm
by mikeshinn
Thank you for the question. Just use the rules from the experimental directory. IIS doesnt support LocationMatch so the experimental rules contain a different way of tuning the rules on non-Apache platforms. They really arent experimental, and those rules will replace the standard rules once we get some more feedback from people using them (so then there will just be one set of rules for all platforms).

Right now the only web servers that support LocationMatch are apache and Litespeed. nginx and IIS dont support it, so we've re-written all the rules to use a different method that nginx and IIS support. So far no ones reported any issues, so as I said the mid term plan is to make the "experimental" rules the rules for all platforms.

Please open a case with support if you have any issues with the experimental rules, we're eager to get feedback on them and work with anyone using them to make sure they work perfectly.

Re: Mod Security for Windows and ASL Ruleset

Posted: Thu May 01, 2014 1:46 pm
by hostingguy
Hi Mike,

Thanks for the reply, that is definitely encouraging!
Do you have any documentation on where to find the rule set, how to import it, and how to keep it up to date in a similar fashion to the linux side, or is this all things that we would need to discover and build on our end?

I've looked through a few of the FAQs you have and I didnt see anything outlining either of those.
Could you point me in the right direction?

Thanks!

Re: Mod Security for Windows and ASL Ruleset

Posted: Mon May 05, 2014 1:40 pm
by hostingguy
Just following up, do you have any documentation on this type of thing you can point me to?

Would using this be what I would need?
https://atomicorp.com/wiki/index.php/At ... stallation
https://atomicorp.com/wiki/index.php/Do ... elf_Method

Re: Mod Security for Windows and ASL Ruleset

Posted: Mon May 05, 2014 2:51 pm
by mikeshinn
The only change is to change the download path, just make sure you are using the experimental directory. Otherwise, its the exact same rule files.

As for installing the windows modsec module, we dont currently provide that Microsoft does. You'll want to look at their official docs on installing modsecurity in IIS.
All times are UTC-04:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited