Bobcares

Installing and Configuring Mod_Security on Windows Server

by | Mar 30, 2023

Let us learn more about installing and configuring Mod_Security on Windows Server. With the support of our Server management support services at Bobcares we will now learn how to set up mod_security.

How to install and setup Mod_Security on Windows Server?

installing and configuring Mod_Security on Windows Server

ModSecurity is an open source web application firewall that has been widely setup on Apache-based web servers to protect web applications against security vulnerabilities.

It was recently made available in a stable version for IIS-based servers starting with version 7.X.

Installing and configuring Mod_Security on Windows Server

Follow the steps given below to install the mod.

  1. Firstly, connect to the Windows Server through RDP, open a browser, and save Microsoft’s Web Platform Installer (WebPI)
  2. Install the following Visual Studio 2010 Runtimes before setting up the ModSecurity:

    A: If the user has a 32-bit operating system (Windows Server 2008 or IIS7), only the 32-bit runtimes will be installed.

    B: * Nevertheless, if the user is running a 64bit operating system and running both 32bit and 64bit application pools, the user should install both the 32bit and 64bit versions.

  3. After that, ModSecurity had a missing dependancy “Wlanapi.dll” This was installed by installing the “Wireless LAN Service” as follows:

    A) Launch Server Management.

    B)Choose Features | Insert Feature

    C)Choose Wireless LAN Service

    D)Install, shut off, and call it a day.

  4. Finally, launch Microsoft’s Web Platform Installer (WebPI) and install ModSecurity. The user must load the webpage and ensure that it loads.

    The user should also examine the application log and ensure that mod security is enabled. Administrator Tools >> Event Viewer >> Windows Logs >> Application.

    If not, just restore the user’s applicationhost.config file. Remove the three ModSecurity lines, or go to c:inetpubhistory and restore the most recent backup of the applicationhost.config file into c:windowssystem32inetsrvconfig. This patches up the first major step in installing and configuring Mod_Security on Windows Server.

Setting up the ModSecurity Ruleset

  1. Place the ModSecurity ruleset in the directory c:inetpubwwwrootowasp crs.
  2. In the above-mentioned folder, open modsecurity.conf and change the first line from SecRuleEngine DetectionOnly to SecRuleEngine On.
  3. Next, build a test rule. SecRule ARGS, “zzz” phase:1,log,deny,status:503,id:1 and add it at the end of the modsecurity.conf file.

Activating ModSecurity on our website

  1. Administrator privileges are required to access IIS.
  2. Enable the VPS local host.
  3. Launch the Configuration Editor.
  4. The user must now utilize the Configuration Editor to enter their Websites webconfig file and add the following rule.


    installing and configuring Mod_Security on Windows Server

Finally, relaunch the local host. Now move to the next step in installing and configuring Mod_Security on Windows Server.

Verifying ModSecurity’s loading and finding problems

  1. After setting up the ModSecurity, the user may test its loading by using our test rule. The user may verify this by visiting http://www.mydomain.com/index.php?a=zzz.
  2. When the website loads, the user receives the notice “The service is unavailable.”
  3. Access server users can inspect the application log (Administrative Tools – Event Viewwer – Windows Logs – Application).
  4. The user will receive the following information:

    installing and configuring Mod_Security on Windows Server

This is the final step in setting up the Mod_Security on Windows Server.

[Need assistance with similar queries? We are here to help]

Conclusion

To sum up we have now seen more on setting up the Mod_Security on Windows Server. With the support of our Server management support services at Bobcares we have now gone through the whole setup process.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF