Home

ModSecurity is an open source, cross platform web application firewall (WAF) engine donated to OWASP in 2024. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. Securing tens of millions of domains, ModSecurity is the most widely deployed WAF engine in existence.

Frequently Asked Questions TO BE REVIEWED OR ARCHIVED
Getting Help

📚 Documentation

ModSecurity version 3 / libModSecurity version 3

ModSecurity version 2

Reference Manual v2.x (Some people experience difficulty with the rendering for this version of the document)
Reference Manual v2.x (Split)
Windows Troubleshooting

🚢 Development

ModSecurity 3

Motivations & Goals (Blog Post)
Overview of Changes

Components

Wiki Archive

These are legacy pages, that are kept around for future reference.

Log Data Format TO BE ARCHIVED
Tools TO BE ARCHIVED
Development Roadmap TO BE ARCHIVED
Ideas Google Summer of Code 2016 TO BE ARCHIVED

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Home

📚 Documentation

ModSecurity version 3 / libModSecurity version 3

ModSecurity version 2

🚢 Development

ModSecurity 3

Wiki Archive

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally