New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ModScurity on Windows 2008 R2 WWW x64 #647

Closed
catalinmafteiest opened this Issue Jan 15, 2014 · 7 comments

Comments

Projects
None yet
4 participants
@catalinmafteiest

catalinmafteiest commented Jan 15, 2014

Hello,

I try to install modesecurity msi on Windows 2008 R2 WWW x64.
I use verbose mode.
After instalation when I try to create use it on IIS i get the error: The Module DLL C:\Windows\SysWOW64\inetsrv\ModSecurityIIS.dll failed to load. The data is the error.

on this server I allready have vc++ 2010 sp1 and vc++ 2013 and if I try to install vc++ 2010 we get the message "a new version os this is allready installed".
I use dll dependency on modsecurity.dll installed by MSI file in (C:\Windows\SysWOW64\inetsrv) and I notice that is looking for some DLL that are not on our servers.

modsecurity_dll_dependency

how can I upload the instalation log file ?

can you give some guides ?

respect.

@Ithier-wedia

This comment has been minimized.

Ithier-wedia commented Jan 15, 2014

I had the same problem, I can't remember exactly what solved it, but I had to install, runtime for vc++2012 and vc++2013 for both the x86 and 64 bits platforms.

@catalinmafteiest

This comment has been minimized.

catalinmafteiest commented Jan 16, 2014

hello,

yes I install all this and now still are some dll missing.

after all vc 201x instaled

now I get warning in my event viewer:
The description for Event ID 0 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

ModSecurity: LUA compiled version="Lua 5.1"

The description for Event ID 0 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

ModSecurity: LIBXML compiled version="2.9.1"

The description for Event ID 0 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

ModSecurity: PCRE compiled version="8.33 "; loaded version="8.33 2013-05-28"

The description for Event ID 0 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8"

The description for Event ID 0 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

ModSecurity for IIS (STABLE)/2.7.5 (http://www.modsecurity.org/) configured.

does someone have a solution ?

@Ithier-wedia

This comment has been minimized.

Ithier-wedia commented Jan 16, 2014

Is is warning or is it information. I have the same entries in the event viewer, which only tells you the versions of the installed dll, and ModSecurity is working fine.

@catalinmafteiest

This comment has been minimized.

catalinmafteiest commented Jan 16, 2014

yes it is Information, but the module is not working.
in webconfig i have:

in modsecurity_iis.conf i have:
Include modsecurity.conf
Include modsecurity_crs_10_setup.conf
Include owasp_crs\base_rules*.conf

my modsecurity.conf begin with:

based on modsecurity.conf-recommended

-- Rule engine initialization ----------------------------------------------

Enable ModSecurity, attaching it to every transaction. Use detection

only to start with, because that minimises the chances of post-installation

disruption.

#SecRuleEngine DetectionOnly
SecRuleEngine On

SecRule ARGS, "zzz" phase:1,log,deny,status:503,id:1

this rule mean that if i request url/?q=zzz should be logged and rejected by modsecurity with status 503

this doesnt happend.

is somwthing wrong in this Rule ?

regards

@zimmerle

This comment has been minimized.

Member

zimmerle commented Jan 24, 2014

Hi @catalinmafteiest,

I believe that the module is correctly loaded, since you have ModSecurity's startup messages in your events logs. Can you check if it is correctly configured in your site? There is a IIS Troubleshooting guide in our wiki which explains how to configure it:

https://github.com/SpiderLabs/ModSecurity/wiki/IIS-Troubleshooting

Br.,
F.

@Ithier-wedia

This comment has been minimized.

Ithier-wedia commented Jan 30, 2014

Today I have done a new installation of modsecurity on win2008 R2 and I also had to install 'Microsoft Visual C++ 2010 Redistributable Package (x86)' which can be found here
http://www.microsoft.com/en-us/download/confirmation.aspx?id=5555

@zimmerle

This comment has been minimized.

Member

zimmerle commented Feb 26, 2014

C++ Redistributable Package should no longer be a problem by: 831e598

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment