ModSecurity on IIS - 500 errors in logs

Brought to you by: victorhora, zimmerletw

ModSecurity on IIS - 500 errors in logs

Forum: Installation and Configuration

Creator: Andy Johansson

Created: 2016-05-27

Updated: 2016-05-27

Andy Johansson - 2016-05-27

Hi

I have just started to play with ModSecurity on IIS (version 8) against the default IIS8 web site.

I see errors like in my audit log:

--23480000-C--

--23480000-F--
HTTP/1.1 500 Internal Server Error

--23480000-H--
Apache-Handler: IIS
Stopwatch: 1464364865979172 0 (- - -)
Stopwatch2: 1464364865979172 0; combined=0, p1=0, p2=0, p3=0, p4=0, p5=0, sr=0, sw=0, l=0, gc=0
Producer: ModSecurity for IIS (STABLE)/2.9.1 (http://www.modsecurity.org/); OWASP_CRS/2.2.9.
Server: ModSecurity Standalone
Engine-Mode: "ENABLED"

While I see 403 errors in the IIS logs and in the response back to the client.

The site I run it against the a plain static default IIS site (no ASP.NET or other dynamic code).

I have:
set "SecStreamInBodyInspection On" as well.
Static/dynamic compression disabled
SecRuleEngine On
SecRequestBodyAccess On
No failed request tracing logs
SecAuditLogParts ABCEFHJZ

Any ideas why I get 500 errors?

I don't see anything in the event log

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.