Thank you so much for your time.

But I’m about to give up…;(


Created a website under the c:\inetpub\wwwroot\ -> website

This website runs fine without modsecurity.


I did exactly like you did(used the administrator command line installation method) and my output is exactly the same.


In the web.config I set <ModSecurity enabled="true" configFile="c:\inetpub\wwwroot\website\ModSecurity.xml" />

The same error still occurs.


I also tried placing the conf a level higher: <ModSecurity enabled="true" configFile="c:\inetpub\wwwroot\ModSecurity.xml" />

The same error still occurs.


Still, I’m confused where to place the rules files themselves, i.e., modsecurity_crs_20_protocol_violations.conf etc…