• Table of Contents
  • ModSecurity Frequently Asked Questions (FAQ) (Last Updated - August 28, 2014)
  • Who Leads the ModSecurity Project?
  • Background and Support
  • What exactly is ModSecurity?
  • Where do I get more help on ModSecurity?
  • Open Source/Free Help
  • Commercial Help
  • Do I need to sign up for the Mod-User Mail-list before I can send emails?
  • Is there anything that I should do prior to sending emails to the mail-list?
  • Will I always get an immediate answer to my question on the open source mod-security-users mail-list?
  • If I don't get an immediate response, should I send an email to the Trustwave Technical Support email address?
  • Where can I find books about Web Application Firewalls and ModSecurity?
  • ModSecurity Handbook
  • Web Application Defender's Cookbook: Battling Hackers and Defending Users
  • ModSecurity 2.5
  • Apache Security
  • Preventing Web Attacks with Apache
  • Getting Started
  • What type(s) of security models does ModSecurity support?
  • What's new in ModSecurity and why should I upgrade if I am already using ModSecurity 1.x?
  • How do I migrate my rules from the ModSecurity 1.x format into the 2.x format?
  • How do I install ModSecurity 2.0?
  • I hear that ModSecurity can be run in embedded-mode, what does that mean exactly?
  • I hear that ModSecurity can be run in reverse proxy-mode, how does that differ from embedded-mode?
  • Configuring ModSecurity
  • Should I initially set the SecRuleEngine to On?
  • How do I get ModSecurity to inspect request and response bodies?
  • How can I verify exactly how ModSecurity is processing rules and requests?
  • ModSecurity Rules Language
  • What are the OWASP ModSecurity Core Rules (CRS) and why should I use them?
  • What attacks do the Core Rules protect against?
  • Can I use the Core Rules with ModSecurity 1.x?
  • I'm getting a 'Failed to resolve operator: detectxss' error while using Core Rule Set (CRS) v3.x
  • How do I whitelist an IP address so it can pass through ModSecurity?
  • Are there rule differences for identify missing/empty variables between ModSecurity 1.x and 2.x?
  • How do I handle False Positives and creating Custom Rules?
  • Will using a large amount of negative filtering rules impact performance?
  • What is a Virtual Patch and why should I care?
  • Managing Alerts
  • How do I manage ModSecurity logs if I have multiple installations?
  • Is there an open source Console to send my audit logs to?
  • Can I send ModSecurity alert log data through Syslog?