I have deployed modsecurity 2.7.5 in IIS 7.5 and I have activated this for
one web application (aspx). SecRuleEngine is seted to DetectionOnly and I
have added a test rule (SecRule ARGS, "zzz"
phase:2,log,deny,status:503,id:1). Later, I accessed my application and
generate attacks manually (send the zzz string to see in action the test
rule) and in the event viewer (application) and I could see the respective
generated alert. The problem is that in webapp sections as login, search or
similar, such operations don't work , I only see the same page (by example,
in case of login succesfully , I expected a page of private zone , but for
this problem, I received the same login page). When I disabled modsecurity
for the web app (in web.config), the webapp works normally.
Thanks in advance.