Readme instructions for IIS installation #3370
Comments
|
Hi @tbremard,
Currently there is only one supported (and stable) connector: for Nginx. We don't have connector for IIS yet.
No, we don't want to provide binary solution. The reason is simple: there are so many available build options, eg. you can choose which REGEX engine want to use, you can choose which collection backend want to use, and so on. So we can't decide users which one want to use, therefore we can't provide any binary package.
As I wrote, there is no "msi" installer. If anyone wants to use on Windows, just read the instructions. But again: this will help to install only the engine, there is no IIS connector.
Please explain which part do we have to modify. The library's readme does not contain any info about connectors. Nginx-connector contains a step-by-step description, how to build module for Nginx. |
|
Thank you,
" Currently there is only one supported (and stable) connector: for Nginx.
We don't have connector for IIS yet"
==> so indeed putting this inside readme would be great as by reading your
doc it looks every server is now supported on version 3.x.
it looks like "if you need insallation on IIS , you should install v2.x"
Regards
…--------------------------------
Thierry Brémard
***@***.***
Le lun. 5 mai 2025 à 14:51, Ervin Hegedus ***@***.***> a
écrit :
*airween* left a comment (owasp-modsecurity/ModSecurity#3370)
<#3370 (comment)>
Hi @tbremard <https://github.com/tbremard>,
user is completly lost to install module on IIS .
modsecurity-v3.0.14.tar.gz means the library, namely libmodsecurity3.
This is a WAF engine and it needs a connector to all kind of web servers
for users want to use it.
Currently there is only one supported (and stable) connector: for Nginx.
We don't have connector for IIS yet.
is there any binary somewhere ?
No, we don't want to provide binary solution. The reason is simple: there
are so many available build options, eg. you can choose which REGEX engine
want to use, you can choose which collection backend want to use, and so on.
So we can't decide users which one want to use, therefore we can't provide
any binary package.
the decoupling with adaptor might be great technology , but having no
clear instruction to emulate "msi" installer for windows iis is a big
critical issue for new user of this mod.
As I wrote, there is no "msi" installer. If anyone wants to use on
Windows, just read the instructions
<https://github.com/owasp-modsecurity/ModSecurity?tab=readme-ov-file#windows>.
But again: this will help to install only the engine, there is no IIS
connector.
Please review your readme and at least cover an adress with steps to folow
for each end web server
Please explain which part do we have to modify. The library's readme does
not contain any info about connectors.
Nginx-connector contains a step-by-step description
<https://github.com/owasp-modsecurity/ModSecurity-nginx?tab=readme-ov-file#compilation>,
how to build module for Nginx.
—
Reply to this email directly, view it on GitHub
<#3370 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AIULZZBMELV27KLOT5WXO73245NE3AVCNFSM6AAAAAB4OQBNSSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDQNJQHA4TKNRZHA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
sorry, where the doc says "every server is now supported on version 3.x"? If there is, we must remove it immediately.
IIS is a webserver, which runs on Windows. That's a connector question. But this library can be used on Windows too - if you have an own webserver, you can use this library. If you have an IIS connector (which is not an open source code), then you can also use the library. (I don't want to argue just would like to clarify the definitions - and of course, I will change the doc if it necessary) |
|
I mean. I am told modsecurity must be installed and historically handled by
iis.
The fact that you now segregate adaptors raise issue in unaware user lost
on integration.
By not writing potential issues currently on iis let user understand that
logically support on iis exists
Le lun. 5 mai 2025 à 15:11, Ervin Hegedus ***@***.***> a
écrit :
… *airween* left a comment (owasp-modsecurity/ModSecurity#3370)
<#3370 (comment)>
==> so indeed putting this inside readme would be great as by reading your
doc it looks every server is now supported on version 3.x.
sorry, where the doc says *"every server is now supported on version 3.x"*?
If there is, we must remove it immediately.
it looks like "if you need insallation on IIS , you should install v2.x"
IIS is a webserver, which runs on Windows. That's a connector question.
But this library can be used on Windows too - if you have an own
webserver, you can use this library. If you have an IIS connector (which is
not an open source code), then you can also use the library.
(I don't want to argue just would like to clarify the definitions - and of
course, I will change the doc if it necessary)
—
Reply to this email directly, view it on GitHub
<#3370 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AIULZZBAABSM5Y67CUAXXET245PPHAVCNFSM6AAAAAB4OQBNSSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDQNJQHE3DEMZVGU>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
README.md is part of the source, anyone can send a PR which helps to clarify the concept. Honestly, I really don't know how can we make it more usable. |
Hello,
by downloading last release "modsecurity-v3.0.14.tar.gz"
user is completly lost to install module on IIS .
is there any binary somewhere ? the decoupling with adaptor might be great technology , but having no clear instruction to emulate "msi" installer for windows iis is a big critical issue for new user of this mod.
Please review your readme and at least cover an adress with steps to folow for each end web server
The text was updated successfully, but these errors were encountered: