ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…
Switch branches/tags
Clone or download
Failed to load latest commit information.
.github/ISSUE_TEMPLATE Update issue templates Oct 17, 2018
alp2 Organizes all Dec 13, 2013
apache2 ju5t patch to fix mpm-itk mod_ruid2 compatibility Oct 13, 2018
build fix when multiple lines for curl version May 10, 2018
doc Refactoring on the doxygen generation May 16, 2017
ext Adds ssdeep support in our build system Nov 14, 2014
iis IIS: Remove body prebuffering again. Unneeded due to no lock on modse… Oct 19, 2018
mlogc Allow user to choose between TLS versions(TLSProtocol option introduc… Jan 6, 2016
nginx Obtain port from r->connection->local_sockaddr. Jun 1, 2017
standalone Proposed fix for wildcard op when loading conf files on Nginx / IIS Oct 4, 2017
tests Adds more tests to REQUEST_BASENAME Sep 5, 2018
tools Updates to Jan 29, 2016
CHANGES CHANGES: Adds info about: #1917 Oct 19, 2018
LICENSE Updated Licensing information to reflect year Jan 11, 2016 tests: adds test-regression-nginx to the makefile Jan 3, 2014
NOTICE Updated copyright dates Apr 19, 2013 Reformat the README to Markdown Sep 20, 2018 Update the dependencies in README for Windows based on refactory of 2… Sep 20, 2018
authors.txt add breno user to authors file Oct 14, 2010 macos: Using glibtoolize instead of libtoolize Dec 12, 2013 Makes `large stream optimization' optional Oct 6, 2017
modsecurity.conf-recommended Fix spelling May 10, 2018
stamp-h1 Fix autoconf header and include path so trunk builds. Aug 31, 2010
unicode.mapping Fix arabic charset in unicode_mapping file Feb 28, 2018

ModSecurity for Apache 2.x

Copyright (c) 2004-2013 Trustwave Holdings, Inc. (

You may not use this file except in compliance with the License. You may obtain a copy of the License at:

If any of the files related to licensing are missing or if you have any other questions related to licensing please contact Trustwave Holdings, Inc. directly using the email address:


Please refer to: the documentation folder for the reference manual.

OWASP ModSecurity Core Rule Set (CRS)

Project Site:


ModSecurity™ is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity™ must be configured with rules. In order to enable users to take full advantage of ModSecurity™ out of the box, Trustwave's SpiderLabs is providing a free certified rule set for ModSecurity™ 2.x.

Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the Core Rules provide generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded. The Core Rules are heavily commented to allow it to be used as a step-by-step deployment guide for ModSecurity™.

Core Rules Content

In order to provide generic web applications protection, the Core Rules use the following techniques:

  • HTTP Protection - detecting violations of the HTTP protocol and a locally defined usage policy.
  • Real-time Blacklist Lookups - utilizes 3rd Party IP Reputation
  • Web-based Malware Detection - identifies malicious web content by check against the Google Safe Browsing API.
  • HTTP Denial of Service Protections - defense against HTTP Flooding and Slow HTTP DoS Attacks.
  • Common Web Attacks Protection - detecting common web application security attack.
  • Automation Detection - Detecting bots, crawlers, scanners and other surface malicious activity.
  • Integration with AV Scanning for File Uploads - detects malicious files uploaded through the web application.
  • Tracking Sensitive Data - Tracks Credit Card usage and blocks leakages.
  • Trojan Protection - Detecting access to Trojans horses.
  • Identification of Application Defects - alerts on application misconfigurations.
  • Error Detection and Hiding - Disguising error messages sent by the server.

ModSecurity Rules from Trustwave SpiderLabs

Project Site:


Trustwave now provides a commercial certified rule set for ModSecurity 2.x that protects against known attacks that target vulnerabilities in public software and are based on intelligence gathered from real-world investigations, honeypot data and research.

  1. More than 16,000 specific rules, broken out into the following attack categories:

    • SQL injection
    • Cross-site Scripting (XSS)
    • Local File Include
    • Remote File Include
  2. User option for application specific rules, covering the same vulnerability classes for applications such as:

  3. Complements and integrates with the OWASP Core Rule Set

  4. IP Reputation capabilities which provide protection against malicious clients identified by the Trustwave SpiderLabs Distributed Web Honeypots

  5. Malware Detection capabilities which prevent your web site from distributing malicious code to clients.