Mod Security Web Application Firewall (WAF)

ModSecurity is a plug-in module for the Apache web server that filters incoming requests on a per-request basis. Enabling some of these filters can prevent exploitation of known vulnerabilities as well as new, unpublished ones. ModSecurity also supports signature-based rules, which allow you to write your own custom signatures. Ivan Ristic, the author of ModSecurity, has written a very good book (click here to read my review) about some of the security features of the Apache web server and ModSecurity, entitled 'Apache Security', published by O'Reilly. Additional information on web application firewalls can be found on our What is a Web Application Firewall FAQ page.

The ModSecurity Homepage
Primary Download Page

Resources by Ivan Ristic (ModSecurity's Author)
The Mod_Security Blog
modsecurity rules database
Web Security Appliance With Apache and mod_security, By Ivan Ristic 2003
Introducing mod_security, By Ivan Ristic 2003

Mod_Security Mailing Lists
mod-security-announce Mailing List
mod-security-users Mailing List

Tools and Add-ons
mod_security rule generator (Third party)
A third party rule generator.

Third Party Articles
Defending Web Services using Mod Security (Apache): Methodology and Filtering Techniques, Shreeraj Shah
Intrusion detection and prevention for Apache with mod-security, 2004
Better Living Through Mod Security, 2004



"Tools and Add-ons
mod_security rule generator (Third party)
A third party rule generator."

.. is gone away :( any other rule generator out there in space? thx !