Open source, cross-platform, web server WAF module. Currently works with Apache, IIS7 and Nginx platforms.
OWASP ModSecurity Core Rule Set (CRS)
A collection of rules designed to detect common web application attacks,
which turns ModSecurity into a Web Intrusion Detection tool. The ModSecurity
Core Rules project is now an OWASP project and discussions have moved from
the mod-security-users mailing list to the new
owasp-modsecurity-core-rule-set mailing list.
ModSecurity Commercial Rules
ModSecurity Commercial Rules are available from expert organizations, and address or complement the OWASP Core Rule Set.
Options for support and troubleshooting for ModSecurity deployments.
The ModSecurity Demo is a joint effort between the ModSecurity and PHPIDS
project teams to allow users to test ModSecurity and PHPIDS. Any data is sent
to a ModSecurity install for inspection by the CRS and then it will be proxied
to the PHPIDS page for normal inspection and processing. The response body
will then be inspected to confirm if there are any evasion issues between the
CRS and PHPIDS.
ModProfiler uses transaction logs to analyse traffic and create application models, which it can
then export to ModSecurity rules that use a positive security model.
Related External Projects
REMO is a project to build a graphical rule editor for ModSecurity
with a positive/whitelist approach.
Ouadjet uses ModSecurity audit logs to create positive-security policies and export them as
ModSecurity rules. It currently works with ModSecurity 1.9.x.
ScallyWhack is a ModSecurity-based solution to block spam posted to Trac-driven websites. It's a
lightweight, fast and flexible tool which recognizes and defeats all currently known methods to spam
GotRoot Rules for ModSecurity
GootRoot maintains a large collection of rules for ModSecurity 1.9.x and 2.x.
The AuditConsole is a J2EE web-application which runs within a servlet container and is able to receive audit-event data from the ModSecurity module.
ModSecurity App for Splunk
Splunk for ModSecurity provides searches, reports and dashboards for the famous apache module ModSecurity from Trustwave SpiderLabs.
WAF-FLE is a OpenSource Console for ModSecurity, it allow the modsec admin to view and search events sent by mlogc (modsecurity event log handler)..
Modsec2sguil is a Perl script that feeds ModSecurity audit logs to Sguil.
WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered
by MySQL and the frontend by XAJAX framework. It is an OWASP project.