Re: ModSecurity - installed on Windows Server?

[Aarón Mizrachi <unmanarc () gmail com>]

On Martes 19 Mayo 2009 15:05:57 dgonzalez.itpro () gmail com escribió:
> Hello list,
>
> I have read good things about ModSecurity and we would like to try it here
> in our company.
>
> I have checked the site and I am finding out it is not as easy to install
> as I thought. Has anyone installed on a Windows Server? Are there other
> documentaion that can help with setting up MedSecurity on Windows server?
> Has anyone done this? What has been your exerience?
read at:

http://www.modsecurity.org/projects/modsecurity/apache/index.html
http://www.securityfocus.com/columnists/418

but i dont see anything for IIS right now.

What i suggest to you.

If you are a fan of mod_security, and you like it, you have two options:

1. Use apache. 

OR 

2. Install an apache with mod_proxy and mod_security behind your windows 
server on a linux server. This will probably lost the half of mod_security 
functionality because their signatures are for apache.But dont worry, you can 
write some rules for IIS. This will add an extralayer protection.

If your server are good enough, this could be done as a virtual machine. ;-)



> Thank you
>
> ------------------------------------------------------------------------
> This list is sponsored by: InfoSec Institute
>
> Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both
> Instructor-Led and Online formats is the most concentrated exam prep
> available. Comprehensive course materials and an expert instructor means
> you pass the exam. Gain a laser like insight into what is covered on the
> exam, with zero fluff!
>
> http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
> ------------------------------------------------------------------------

-- 
Ing. Aaron G. Mizrachi P.    
http://www.unmanarc.com
Mobil 1: + 58 416-6143543
Mobil 2: + 58 424-2412503

Attachment: signature.asc
Description: This is a digitally signed message part.