Home

ModSecurity is an open source, cross platform web application firewall (WAF) developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.

• Frequently Asked Questions
• Getting Help

📚 Documentation

• ModSecurity version 3

  • Installation from source
  • Reference Manual v3.x

• ModSecurity version 2

  • Reference Manual v2.x
  • Introduction
  • Installation Apache
  • Configuration Apache
  • Installation Nginx
  • Configuration Nginx
  • Installation IIS
  • Configuration Reference
  • Recommended Base Configuration
  • Rule Sets (OWASP Core)
  • Windows Troubleshooting

• Log Data Format

• Tools

External documentation

• ModSecurity 3.0 and NGINX: Quick Start Guide

🚢 Development

• Roadmap
• Milestones
• Debugging
• Distribution specific packaging
• Ideas Google Summer of Code 2016

---

ModSecurity 3

• Motivations & Goals (Blog Post)
• Overview of Changes

Components

• libModSecurity
• Nginx Connector
• Apache Connector
• Pcap Connector
• Python Bindings