Solved

modsec for IIS & Apache: what exactly are my colleagues doing

Posted on 2013-11-14
Medium Priority
275 Views
Last Modified: 2013-11-16
I've seen my colleagues sieving out lines of text containing
code "403" from Apache logs & then matching them against a list
(or database) of signatures, then coding certain types of rules
into modsec.conf & I think they have to restart IIS for the
newly created rules to take effect.  They repeatedly do the
above action daily.

Q1:
What exactly is the purpose of the above manual tasks & 
is there any way (or any tool out there) to automate the
above tasks so that modsec / modsecurity will automatically
block malicious attacks : are they building rules that
check the content of http/https to block out new patterns
of attacks (such as URL scan, data injection ?? or what
types of attacks) ?

Q2:
Is there an equivalent for IIS, esp. automated building
of rules & automatically putting the rules into effect?  What my
colleagues are doing is too tedious.

Q3:
What are some of the free mailing lists that actively
discuss & provide support for modsecurity for IIS
& Apache?
Question by:sunhux

Accepted Solution

by:
gheist earned 2000 total points
ID: 39648223
A1: More of a concern is that it denies legitimate requests. You might want to use it to observe violations and adjust rules before rolling into production.
A2: If the tools are Python/Perl/Tcl scripts, you can make IIS emit NCSA log and they are all set.
A3: Have you tried the modsecurity website?

Author Comment

by:sunhux
ID: 39648252
Following up on

Q2:
Do you have any sample Perl script that could do this &
make IIS emit NCSA log?  What's NCSA?

Q3:
I've tried the URL / link below but it never sent me an email
to subscribe to the mailing list:
  https://lists.sourceforge.net/lists/listinfo/mod-security-users
Is it still active?

Assisted Solution

by:gheist
gheist earned 2000 total points
ID: 39649228
Q2:
Get to administering IIS, it is on first page, 3rd selectable log format.
Q3:
Your mailserver is broken, that list gets ~10 mails/day.
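
An added example, not part of the original thread and not a script posted by any participant: the 403-filtering step described in the question, run over NCSA Common Log Format lines (the format named in A2) and grouped by request path, so that denials affecting many distinct clients can be reviewed as possible false positives, the concern raised in A1. The function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# NCSA Common Log Format: host ident authuser [date] "request" status bytes
# Trailing fields (such as the Combined format's referer and user agent) are ignored.
NCSA_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?:\d+|-)'
)

def parse_line(line):
    """Return a dict for one NCSA log line, or None if it does not parse."""
    m = NCSA_RE.match(line)
    if not m:
        return None
    parts = m.group("request").split()
    # A malformed request line is still counted, under its raw text.
    method, target = (parts[0], parts[1]) if len(parts) >= 2 else ("?", m.group("request"))
    return {"host": m.group("host"), "method": method,
            "path": target.split("?", 1)[0], "status": int(m.group("status"))}

def summarize_denied(lines, status=403):
    """Group denied requests by (method, path): hit count and distinct clients."""
    groups = defaultdict(lambda: {"hits": 0, "clients": set()})
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == status:
            g = groups[(rec["method"], rec["path"])]
            g["hits"] += 1
            g["clients"].add(rec["host"])
    # Paths denied for the most distinct clients come first: review these for false positives.
    return sorted(((k, v["hits"], len(v["clients"])) for k, v in groups.items()),
                  key=lambda r: (-r[2], -r[1], r[0]))

# Constructed sample lines (documentation IP ranges), not taken from any real log.
SAMPLE = [
    '192.0.2.10 - - [14/Nov/2013:10:01:02 +0800] "POST /app/save?id=1 HTTP/1.1" 403 221',
    '192.0.2.11 - alice [14/Nov/2013:10:01:09 +0800] "POST /app/save?id=7 HTTP/1.1" 403 221',
    '198.51.100.7 - - [14/Nov/2013:10:02:30 +0800] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [14/Nov/2013:10:03:00 +0800] "GET /admin/ HTTP/1.1" 403 221',
    '203.0.113.5 - - [14/Nov/2013:10:03:01 +0800] "GET /admin/ HTTP/1.1" 403 221',
    'not a log line',
]

if __name__ == "__main__":
    for (method, path), hits, clients in summarize_denied(SAMPLE):
        print(f"{method} {path}: {hits} denied, {clients} distinct client(s)")
```

The ordering by distinct clients is a review heuristic assumed here, not a rule from the thread; a path at the top of the list still needs a person to decide whether the rule or the traffic is at fault.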