Trying to get ModSecurity 2.7.0 to work on a windows server 2008 R2 SP1 with IIS7.5 to no avail.

This is what I tried so far:

-          Installer 2.7.0.msi

-          Downloaded the debug version followed the reference manual: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-Installation_for_Microsoft_IIS

-          Copied and registered everything in either System32 (32bit) and SysWOW64 (64bit)

-          Did a DepencyWalker which only mentioned IEFRAME.DLL for which I read online that’s almost always the case.

-          Reinstalled vcredist_x64

-          Set the application pool to ‘Enable 32-Bit Applications’


All result in ‘HTTP Error 503. The service is unavailable’ and crash events for modsecurityiis.dll in the Application Event log.


On http://blog.spiderlabs.com/2012/07/announcing-the-availability-of-modsecurity-extension-for-iis.html in the comments it states that ‘you can add the modsecurity.conf file into the wwwroot’.

I’m a little confused about what that location should be.


In my situation I have the default website removed. Created a website in d:\websites\website.
Where should I put the conf and the rules? )If that should solve my problem.


What else can I do to make it work?