Home

ModSecurity is an open source, cross platform web application firewall (WAF) engine donated to OWASP in 2024. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. Securing tens of millions of domains, ModSecurity is the most widely deployed WAF engine in existence.

• Frequently Asked Questions TO BE REVIEWED OR ARCHIVED
• Getting Help

📚 Documentation

ModSecurity version 3 / libModSecurity version 3

• Installation from source
• Reference Manual v3.x

ModSecurity version 2

• Reference Manual v2.x (Some people experience difficulty with the rendering for this version of the document)
• Reference Manual v2.x (Split)
• Windows Troubleshooting

🚢 Development

• Milestones
• Debugging
• Distribution specific packaging

---

ModSecurity 3

• Motivations & Goals (Blog Post)
• Overview of Changes

Components

• libModSecurity
• Nginx Connector
• Apache Connector
• Pcap Connector
• Python Bindings

Wiki Archive

These are legacy pages, that are kept around for future reference.

• Log Data Format TO BE ARCHIVED
• Tools TO BE ARCHIVED
• Development Roadmap TO BE ARCHIVED
• Ideas Google Summer of Code 2016 TO BE ARCHIVED