Solved

modsec for IIS & Apache : what exactly is my colleagues  doing

Posted on 2013-11-14
3
257 Views
Last Modified: 2013-11-16
I've seen my colleagues sieving out lines of text containing
code "403" from Apache logs & then match it against a list
(or database) of signatures, then code certain type of rules
into modsec.conf & I think they have to restart IIS for the
newly created rules to take effect.  They repeated do the
above action daily.

Q1:
What exactly is the purpose of the above manual tasks & 
is there any way (or any tool out there) to automate the
above tasks so that modsec / modsecurity will automatically
block malicious attacks : are they're building rules that
checks the content of http/https to block out new patterns
of attacks (such as URL scan, data injection ?? or what
types of attacks) ?

Q2:
Is there an equivalent for IIS esp automated building
of rules & automatically effect the rules.  What my
colleagues are doing are too tedious

Q3:
What are some of the free mailing lists that actively
discuss & provide support for modsecurity for IIS
& Apache?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 39648223
A1 more of concern is that it denies legitimate requests. You might want to use it to observe violations and adjust rules before rolling into production
A2 if tools are python/perl/tcl scripts you can make IIS emit NCSA log and they are all set
A3 have you tried modsecurity website?
0
 

Author Comment

by:sunhux
ID: 39648252
Following up on

Q2:
Do you have any sample Perl script that could do this &
make IIS emit NCSA log?  What's NCSA?

Q3:
I've tried the url / link below but it never send me an email
to subscribe to the mailing list:
  https://lists.sourceforge.net/lists/listinfo/mod-security-users
Is it still active?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 500 total points
ID: 39649228
Q2:
Get to administering IIS, it is on first page, 3rd selectable log format.
Q3:
Your mailserver is broken, that list gets ~10 mails/day.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about achieving the basic levels of HRIS security in the workplace.
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question