• Table of Contents
• ModSecurity Frequently Asked Questions (FAQ) (Last Full Update: August 28, 2014, Last Partial Update: Sept. 9, 2022)
• Who Leads the ModSecurity Project?
• Background and Support
• What exactly is ModSecurity?
• Which version of ModSecurity should I be using? v2.9.x or v3.0.x?
• Where do I get more help on ModSecurity?
• Open Source/Free Help
• Commercial Help
• Is there anything that I should do prior to creating a new issue?
• Will I always get an immediate response to my issue?
• When should I use the security email address?
• What about sourceforge mailing lists?
• If I don't get an immediate response, should I send an email to the Trustwave Technical Support email address?
• Where can I find books about Web Application Firewalls and ModSecurity?
• ModSecurity Handbook
• Web Application Defender's Cookbook: Battling Hackers and Defending Users
• ModSecurity 2.5
• Apache Security
• Preventing Web Attacks with Apache
• Getting Started
• What type(s) of security models does ModSecurity support?
• I hear that ModSecurity can be run in embedded-mode, what does that mean exactly?
• I hear that ModSecurity can be run in reverse-proxy mode, how does that differ from embedded-mode?
• Configuring ModSecurity
• Should I initially set the SecRuleEngine to On?
• How do I get ModSecurity to inspect request and response bodies?
• How can I verify exactly how ModSecurity is processing rules and requests?
• ModSecurity Rules Language
• What are the OWASP ModSecurity Core Rules (CRS) and should I use them?
• How do I whitelist an IP address so it can pass through ModSecurity?
• How do I handle False Positives and creating Custom Rules?
• Will using a large amount of negative filtering rules impact performance?
• What is a Virtual Patch and why should I care?
• Managing Alerts
• How do I manage ModSecurity logs if I have multiple installations?
• Is there an open source Console to send my audit logs to?
• Can I send ModSecurity alert log data through Syslog?