ModSecurity is an open source, cross platform web application firewall (WAF) developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.

• Frequently Asked Questions

• Getting Help

Documentation

• ModSecurity version 3

  • Installation from source (Ubuntu 20.04)

Current bug:

AH00526: Syntax error on line 106 of /etc/apache2/conf-available/crs-setup.conf: Invalid command 'SecDefaultAction', perhaps misspelled or defined by a module not included in the server configuration

• Log Data Format

• Tools

Development

• Roadmap

• Milestones

• Debugging

• Distribution specific packaging

• Ideas Google Summer of Code 2016

ModSecurity 3

• Motivations & Goals (Blog Post)

• Overview of Changes

ModSecurity-apache Components

• libModSecurity

• Apache Connector

• Python Bindings