FAQs

ModSecurity is an open source Web Application Firewall (WAF). It can be installed as a module inside the Apache, Nginx or IIS web servers.

ModSecurity is a firewall engine which can inspect traffic on your web server. It can log and block requests. However, an engine does nothing without a certain policy. The CRS delivers a policy where requests to your web applications are inspected for various attacks, and malicious traffic is blocked.

Yes! As a project in order to support activities like summits, hackathons, and speaking at conferences we need sponsors. If you appreciate the work we do, or you use it heavily, you should consider sponsoring. If you are interested, please get in touch with ModSecurity Co-Leaders via modsecurity /at/ owasp.org. They are in charge of sponsoring contacts.