ModSecurity Trustwave


Open source, cross-platform, web server WAF module. Currently works with Apache, IIS7 and Nginx platforms.

OWASP ModSecurity Core Rule Set (CRS)
A collection of rules designed to detect common web application attacks, which turns ModSecurity into a Web Intrusion Detection tool. The ModSecurity Core Rules project is now an OWASP project and discussions have moved from the mod-security-users mailing list to the new owasp-modsecurity-core-rule-set mailing list.

ModSecurity Commercial Rules
ModSecurity Commercial Rules are available from expert organizations, and address or complement the OWASP Core Rule Set.

ModSecurity Support
Options for support and troubleshooting for ModSecurity deployments.

ModSecurity Demos
The ModSecurity Demo is a joint effort between the ModSecurity and PHPIDS project teams to allow users to test ModSecurity and PHPIDS. Any data is sent to a ModSecurity install for inspection by the CRS and then it will be proxied to the PHPIDS page for normal inspection and processing. The response body will then be inspected to confirm if there are any evasion issues between the CRS and PHPIDS.

ModProfiler uses transaction logs to analyse traffic and create application models, which it can then export to ModSecurity rules that use a positive security model.

Related External Projects


REMO is a project to build a graphical rule editor for ModSecurity with a positive/whitelist approach.

Ouadjet uses ModSecurity audit logs to create positive-security policies and export them as ModSecurity rules. It currently works with ModSecurity 1.9.x.

ScallyWhack is a ModSecurity-based solution to block spam posted to Trac-driven websites. It's a lightweight, fast and flexible tool which recognizes and defeats all currently known methods to spam Trac.

GotRoot Rules for ModSecurity
GootRoot maintains a large collection of rules for ModSecurity 1.9.x and 2.x.

Logging Tools

The AuditConsole is a J2EE web-application which runs within a servlet container and is able to receive audit-event data from the ModSecurity module.

ModSecurity App for Splunk
Splunk for ModSecurity provides searches, reports and dashboards for the famous apache module ModSecurity from Trustwave SpiderLabs.

WAF-FLE is a OpenSource Console for ModSecurity, it allow the modsec admin to view and search events sent by mlogc (modsecurity event log handler)..

Modsec2sguil is a Perl script that feeds ModSecurity audit logs to Sguil.

WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. It is an OWASP project.