Home

ModSecurity is an open source, cross platform web application firewall (WAF) engine donated to OWASP in 2024. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. Securing tens of millions of domains, ModSecurity is the most widely deployed WAF engine in existence.

• Frequently Asked Questions
• Getting Help

📚 Documentation

• ModSecurity version 3

  • Installation from source
  • Reference Manual v3.x

• ModSecurity version 2

  • Reference Manual v2.x (Some people experience difficulty with the rendering for this version of the document)
  • Reference Manual v2.x (Split)
  • Windows Troubleshooting

• Log Data Format TO BE ARCHIVED

• Tools

External documentation

• ModSecurity 3.0 and NGINX: Quick Start Guide

🚢 Development

• Roadmap
• Milestones
• Debugging
• Distribution specific packaging
• Ideas Google Summer of Code 2016

---

ModSecurity 3

• Motivations & Goals (Blog Post)
• Overview of Changes

Components

• libModSecurity
• Nginx Connector
• Apache Connector
• Pcap Connector
• Python Bindings