Skip to content
Christian Folini edited this page Mar 2, 2024 · 26 revisions

ModSecurity is an open source, cross platform web application firewall (WAF) engine donated to OWASP in 2024. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. Securing tens of millions of domains, ModSecurity is the most widely deployed WAF engine in existence.

The WIKI has been transferred from Trustwave to OWASP ModSecurity together with the code repo. It is partially outdated and will have to be overhauled. In the meantime, read with caution.

📚 Documentation

ModSecurity version 3 / libModSecurity version 3

ModSecurity version 2

🚢 Development

v3 Components

Wiki Archive

These are legacy pages, that are kept around for future reference.

Architecture graphic that is not quite easy to grasp and a caption is missing: