Trying to get ModSecurity 2.7.0 to work on a windows server 2008 R2 SP1 with IIS7.5 to no avail.
This is what I tried so far:
- Installer 2.7.0.msi
- Downloaded the debug version followed the reference manual: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-Installation_for_Microsoft_IIS
- Copied and registered everything in either System32 (32bit) and SysWOW64 (64bit)
- Did a DepencyWalker which only mentioned IEFRAME.DLL for which I read online that’s almost always the case.
- Reinstalled vcredist_x64
- Set the application pool to ‘Enable 32-Bit Applications’
All result in ‘HTTP Error 503. The service is unavailable’ and crash events for modsecurityiis.dll in the Application Event log.
On http://blog.spiderlabs.com/2012/07/announcing-the-availability-of-modsecurity-extension-for-iis.html in the comments it states that ‘you can add the modsecurity.conf file into the wwwroot’.
I’m a little confused about what that location should be.
In my situation I have the default website removed. Created a website in d:\websites\website.
Where should I put the conf and the rules? )If that should solve my problem.
What else can I do to make it work?