ModSecurity
Original author(s): Ivan Ristić
Developer(s): OWASP, formerly Trustwave SpiderLabs
Initial release: November 2002; 21 years ago
Stable release: 3.0.12[1] / 30 January 2024; 3 months ago
Repository: github.com/SpiderLabs/ModSecurity
Written in: C++ (3.x), C (2.x)
Available in: English
License: Apache License 2.0
Website: https://owasp.org/www-project-modsecurity/
ModSecurity, sometimes called Modsec, is an open-source web application firewall (WAF). Originally designed as a module for the Apache HTTP Server, it has evolved to provide an array of Hypertext Transfer Protocol request and response filtering capabilities, along with other security features, across a number of different platforms including Apache HTTP Server,[2][3] Microsoft IIS and Nginx.[4] It is free software released under the Apache License 2.0.
The platform provides a rule configuration language known as 'SecRules' for real-time monitoring, logging, and filtering of Hypertext Transfer Protocol communications based on user-defined rules.
Although not its only configuration, ModSecurity is most commonly deployed to provide protections against generic classes of vulnerabilities using the OWASP ModSecurity Core Rule Set (CRS).[5] This is an open-source set of rules written in ModSecurity's SecRules language. The project is part of OWASP, the Open Web Application Security Project. Several other rule sets are also available.
To detect threats, the ModSecurity engine is deployed either embedded within the web server or as a proxy server in front of a web application. This allows the engine to scan incoming and outgoing HTTP communications to the endpoint. Depending on the rule configuration, the engine decides how each communication is handled; the available actions include passing, dropping, redirecting, returning a given status code, executing a script, and more.
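The fragment below is an added illustration, not taken from the ModSecurity project or the Core Rule Set. It shows one SecRules rule for each of the handling decisions named above, plus one rule that inspects outgoing traffic. The rule ids, paths, address range, redirect URL and script path are constructed placeholders.

```apache
# Engine mode: "DetectionOnly" evaluates and logs rules without acting on
# them; "On" enforces the disruptive actions (deny, drop, redirect).
SecRuleEngine On
SecRequestBodyAccess On     # buffer request bodies so phase 2 rules can see them
SecResponseBodyAccess On    # buffer response bodies so phase 4 rules can see them

# General form: SecRule VARIABLES "OPERATOR" "ACTIONS"

# pass: record the event and let the transaction continue.
SecRule REQUEST_HEADERS:User-Agent "@rx ^$" \
    "id:100001,phase:1,pass,log,msg:'Empty User-Agent header'"

# return a given status code: a chained rule matches only if both
# conditions hold; the disruptive action sits on the first rule.
SecRule REQUEST_URI "@beginsWith /admin" \
    "id:100002,phase:1,chain,deny,status:403,log,msg:'Admin path requested from outside management range'"
    SecRule REMOTE_ADDR "!@ipMatch 192.0.2.0/24"

# redirect: send the client to another URL instead of serving the request.
SecRule REQUEST_URI "@beginsWith /old-login" \
    "id:100003,phase:1,redirect:https://www.example.com/login,log,msg:'Legacy login path'"

# drop: close the connection without sending a response.
SecRule REQUEST_METHOD "@streq TRACE" \
    "id:100004,phase:1,drop,log,msg:'TRACE method not served'"

# execute a script: run an external program when the rule matches
# (placeholder path), here combined with a 400 response.
SecRule ARGS "@contains ../" \
    "id:100005,phase:2,t:none,t:urlDecodeUni,deny,status:400,log,exec:/usr/local/bin/waf-notify.sh,msg:'Directory traversal sequence in parameter'"

# Outgoing inspection: phase 4 runs against the buffered response body.
SecRule RESPONSE_BODY "@contains Traceback (most recent call last)" \
    "id:100006,phase:4,deny,status:500,log,msg:'Stack trace leaked in response body'"
```

Running new rules with `SecRuleEngine DetectionOnly` first shows in the log what they would have blocked before enforcement is switched on.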
[1] Error: Unable to display the reference properly.
[2] "How to secure your Apache 2 server in four steps". Techrepublic.com. 18 November 2016. Retrieved 7 January 2018.
[3] Shah, Shreeraj. "Securing Web Services with mod_security - O'Reilly Media". Onlamp.com. Archived from the original on 7 January 2018. Retrieved 7 January 2018.
[4] Lardinois, Frederic (23 August 2016). "NGINX Plus's latest release puts the focus on security". Techcrunch.com. Retrieved 7 January 2018.
[5] "OWASP ModSecurity Core Rule Set – The 1st Line of Defense Against Web Application Attacks". Coreruleset.org. Retrieved 7 January 2018.