Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

ModScurity on Windows 2008 R2 WWW x64 #647

Closed
catalinmafteiest opened this Issue Jan 15, 2014 · 7 comments

Comments

Projects
None yet
4 participants

Hello,

I try to install modesecurity msi on Windows 2008 R2 WWW x64.
I use verbose mode.
After instalation when I try to create use it on IIS i get the error: The Module DLL C:\Windows\SysWOW64\inetsrv\ModSecurityIIS.dll failed to load. The data is the error.

on this server I allready have vc++ 2010 sp1 and vc++ 2013 and if I try to install vc++ 2010 we get the message "a new version os this is allready installed".
I use dll dependency on modsecurity.dll installed by MSI file in (C:\Windows\SysWOW64\inetsrv) and I notice that is looking for some DLL that are not on our servers.

modsecurity_dll_dependency

how can I upload the instalation log file ?

can you give some guides ?

respect.

I had the same problem, I can't remember exactly what solved it, but I had to install, runtime for vc++2012 and vc++2013 for both the x86 and 64 bits platforms.

hello,

yes I install all this and now still are some dll missing.

after all vc 201x instaled

now I get warning in my event viewer:
The description for Event ID 0 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

ModSecurity: LUA compiled version="Lua 5.1"

The description for Event ID 0 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

ModSecurity: LIBXML compiled version="2.9.1"

The description for Event ID 0 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

ModSecurity: PCRE compiled version="8.33 "; loaded version="8.33 2013-05-28"

The description for Event ID 0 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8"

The description for Event ID 0 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

ModSecurity for IIS (STABLE)/2.7.5 (http://www.modsecurity.org/) configured.

does someone have a solution ?

Is is warning or is it information. I have the same entries in the event viewer, which only tells you the versions of the installed dll, and ModSecurity is working fine.

yes it is Information, but the module is not working.
in webconfig i have:

in modsecurity_iis.conf i have:
Include modsecurity.conf
Include modsecurity_crs_10_setup.conf
Include owasp_crs\base_rules*.conf

my modsecurity.conf begin with:

based on modsecurity.conf-recommended

-- Rule engine initialization ----------------------------------------------

Enable ModSecurity, attaching it to every transaction. Use detection

only to start with, because that minimises the chances of post-installation

disruption.

#SecRuleEngine DetectionOnly
SecRuleEngine On

SecRule ARGS, "zzz" phase:1,log,deny,status:503,id:1

this rule mean that if i request url/?q=zzz should be logged and rejected by modsecurity with status 503

this doesnt happend.

is somwthing wrong in this Rule ?

regards

Owner

zimmerle commented Jan 24, 2014

Hi @catalinmafteiest,

I believe that the module is correctly loaded, since you have ModSecurity's startup messages in your events logs. Can you check if it is correctly configured in your site? There is a IIS Troubleshooting guide in our wiki which explains how to configure it:

https://github.com/SpiderLabs/ModSecurity/wiki/IIS-Troubleshooting

Br.,
F.

Today I have done a new installation of modsecurity on win2008 R2 and I also had to install 'Microsoft Visual C++ 2010 Redistributable Package (x86)' which can be found here
http://www.microsoft.com/en-us/download/confirmation.aspx?id=5555

Owner

zimmerle commented Feb 26, 2014

C++ Redistributable Package should no longer be a problem by: 831e598

@zimmerle zimmerle closed this Feb 26, 2014

@zimmerle zimmerle added this to the testing milestones milestone Mar 27, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment