FAQs

Here are some frequently asked questions.

What is ModSecurity?

ModSecurity is an open source Web Application Firewall (WAF). It can be installed as a module inside the Apache, Nginx or IIS web servers.

What is the difference between ModSecurity and CRS?

ModSecurity is a firewall engine which can inspect traffic on your web server. It can log and block requests. However, an engine does nothing without a certain policy. The CRS delivers a policy where requests to your web applications are inspected for various attacks, and malicious traffic is blocked.

I'm interested in helping your project out, can I sponsor?

Yes! As a project in order to support activities like summits, hackathons, and speaking at conferences we need sponsors. If you appreciate the work we do, or you use it heavily, you should consider sponsoring. If you are interested, please get in touch with ModSecurity Co-Leaders via modsecurity /at/ owasp.org. They are in charge of sponsoring contacts.