Hi, Steffen, I've been having a similar problem with my connection being 
aborted when I turn the engine on for a particular site. No audit messages, but 
I haven't had a chance to try turning on the debug log. Most frustrating is 
that I run this same site in development and staging and it works fine with 
blocking on - just not in production. The only difference between production 
and staging is that in production the site has its own dedicated instance of 
the application server (ColdFusion on Tomcat).

From: [email protected] 
[mailto:[email protected]] On Behalf Of 
Steffen Höhne
Sent: Wednesday, August 24, 2016 11:00 AM
To: '[email protected]' 
<[email protected]>
Subject: [Owasp-modsecurity-core-rule-set] Windows IIS ModSecurity 2.9.1 
SecRuleEngine DetectionOnly

Hello guys

thank you for this great solution :)

Our system: Windows Server 2012 Standard x64 with IIS
ModSecurity 2.9.1 with the latest ruleset
SecRuleEngine: DetectionOnly
web.config: <ModSecurity enabled="true" configFile="C:\Program Files\ModSecurity IIS\modsecurity_iis.conf" />

Problem: We have a login screen at our nopCommerce webshop - with ModSecurity 
enabled and DetectionOnly it isn't possible to log in.
There is no warning log in the Windows Event Viewer. The login just redirects 
back to the login page.

If I turn SecRuleEngine Off and recycle the apppool and try again ... tatatata 
it works :)

Login URL is: http://admin.domain.tld/login?ReturnUrl=%2fadmin

I think "SecRuleEngine DetectionOnly" shouldn't block - just write an event.

Do you have any solution for me?

Thank you


Kind regards
Steffen Höhne
System Engineer
--------------------------------------------------------------------------------------------------------------
JMC Software AG * Riedstrasse 1 * 6343 Rotkreuz * Switzerland
Phone: +41 41 799 02 12
Internet: http://www.jmc-software.ch * Email: [email protected]
--------------------------------------------------------------------------------------------------------------

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
