Hello,
I have succesfuly installed mod_Security on our IIS 8.5 servers.
The only problem is that our websites are behind reverse proxy.
When a rule is triggered on mod_Security module, the module logs the event on event viewer, however we can only see our reverse proxy's IP.
We have added "X-forwarded-For" header on our IIS logs and we CAN see the end user's iP on the IIS logs, however it seems that mod_security runs before the IIS logging and the request never reaches the IIS logging (we cannot see it there).
We need to either have the request appear on the IIS logs, or have somehow mod_Security module log the "X-Forwarded-For" header.
I did ask on the mod_security mailing list and they said its an IIS issue.
Any ideas?
Thanks
Alex