OWASP ModSecurity Project

The 1st Line of Defense

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a powerful rules language and API to implement advanced protections.

Get latest v2: 2.9.7

Get latest v3: 3.0.12

The most widespread open source WAF

ModSecurity is used by businesses, government organizations, internet service providers, and commercial WAF vendors alike on millions of domains all over the world. The engine, coupled with OWASP CRS, the dominant WAF rule set, undeniably raises the level of protection against HTTP attacks.

Become a part of it!

ModSecurity under OWASP's custodianship

The OWASP® Foundation, the leading open community dedicated to application security, is already responsible for the Core Rule Set, the dominant WAF rule set on the market. By adding the ModSecurity WAF to its repertoire, OWASP can now steer ModSecurity’s development with a holistic view, fostering even tighter integration between the Core Rule Set and the underlying framework.

Getting Started

Usage scenarios

  • Real-time application security monitoring and access control
  • Full HTTP traffic logging
  • Continuous passive security assessment
  • Web application hardening

Download

Principles

  • Flexibility
  • Passiveness
  • Predictability
  • Quality over quantity

Community

👋 Be part of a vibrant and welcoming community.

🗺️ Join us on Slack for discussions, see GitHub for our projects, or follow us on Twitter.

🤙 We are always looking for new contributors and developers.

Latest Blog Posts