OWASP
Modsecurity Project
The 1st Line of Defense
ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.
Get latest v2: 2.9.7 Get latest v3: 3.0.12The most widespread open source WAF
Used by businesses, government organizations, internet service providers, and commercial WAF vendors alike on millions of domains all over the world. The engine, coupled with OWASP CRS - the dominant WAF rule set, undeniably raises the level of protection against HTTP attacks to a higher level.
Become a part of it!ModSecurity under OWASP's custodianship
Getting Started
Usage scenarios
- Real-time application security monitoring and access control
- Full HTTP traffic logging
- Continuous passive security assessment
- Web application hardening
Community
👋 Be part of a vibrant and welcoming community.
🗺️ Join us on Slack for discussions, see GitHub for our projects, or follow us on Twitter.
🤙 We are always looking for new contributors and developers.
Community