Would you like to learn how to install Modsecurity on IIS? In this tutorial, we are going to show you how to install the Modsecurity feature on the IIS server.

• Windows 2012 R2
• Windows 2016
• Windows 2019
• ModSecurity 2.9.3

Hardware List:

The following section presents the list of equipment used to create this tutorial.

Every piece of hardware listed above can be found at Amazon website.

Tutorial IIS - Modsecurity installation

Access the Microsoft website and download the package named Visual Studio 2013 Runtime.

Download Visual C 2013

Perform the Visual Studio 2013 installation.

Visual C 2013

Download the Modsecurity installation package.

Modsecurity IIS download

Perform the Modsecurity installation on the IIS server.

Modsecurity installation Windows

Select the option to automatically configure the Modsecurity as an IIS module.

Modsecurity IIS Setup

Advance until the Modsecurity installation is finished.

In our example, the Modsecurity was installed on the following directory.

Copy to Clipboard

Use the Wordpad application to edit the ModSecurity configuration file.

Copy to Clipboard

Locate the following line.

Copy to Clipboard

Change this line and save the configuration.

Copy to Clipboard

As Administrator, start an elevated command-line prompt.

Windows DOS Prompt

Give the account named IIS_IUSRS permission over the IIS server directory named TEMP.

Copy to Clipboard

Start the application named: IIS Manager.

Start IIS Windows

On the IIS Manager application, select your IIS server name.

On the right part of the screen, select the option to restart the IIS service.

IIS Restart

On the IIS server, open your browser and enter the IP address of your web server.

In our example, the following URL was entered in the Browser:


The HTTP page should be presented.


Case Modsecurity detects an issue with a request, the user will receive an error 403 message.

Copy to Clipboard

Congratulations! You successfully installed the Modsecurity on the IIS server.