ModSecurity

ModSecurity, sometimes called Modsec, is a popular Open-source Web application firewall (WAF). Originally designed as a module for the Apache HTTP Server, it has evolved to provide an array of request and response filtering capabilities along with other security features across a number of different platforms including Apache HTTP Server, Microsoft IIS and NGINX. It is a free software released under the Apache license 2.0.

ModSecurity's Open Source availability has resulted in it becoming one of the world's most popular Web application firewalls. The platform itself provides a rule configuration language known as 'SecRules' for real-time monitoring, logging, and filtering of communications based on user-defined rules.

Although not its only configuration, ModSecurity is most commonly deployed to provide protections against generic classes of vulnerabilities using the OWASP Core Rule Set (CRS), an Open-source set of rules written in ModSecurity's SecRules language. Several other rule sets are also available for ModSecurity.

To detect threats, the ModSecurity engine is deployed embedded within the webserver or as a proxy server in front of a web application. This allows the engine to scan incoming and outgoing HTTP communications to the endpoint. Dependent on the rule configuration the engine will decide how communications should be handled which includes the capability to pass, drop, redirect, return a given status code, execute a user script, and more. ModSecurity is known to have the following capabilities:

ModSecurity was first developed by Ivan Ristić, who wrote the module with the end goal of monitor application traffic on the Apache HTTP Server. The first version was released in November 2002 which supported Apache HTTP Server 1.3.x. Starting in 2004 Ivan created Thinking Stone to continue work on the project full-time. While working on the version 2.0 rewrite Thinking Stone was bought by Breach Security, an American-Israeli security company, in September 2006. Ivan stayed on continuing development of version 2.0 which was subsequently released in summer 2006.