ModSecurity

Quick Definition

The original open-source web application firewall engine, providing a rule-based framework for web application protection.

What is ModSecurity?

ModSecurity is the most widely deployed open-source WAF engine, originally developed for the Apache HTTP Server and now available for Nginx and IIS as well. It provides a powerful rule language for inspecting and filtering HTTP traffic.

Key features of ModSecurity:

  • SecRule language: Flexible rule language for creating custom detections
  • OWASP Core Rule Set (CRS): Comprehensive, maintained rule set
  • Request/response inspection: Full access to HTTP traffic
  • Audit logging: Detailed logging for forensics
  • Virtual patching: Block exploits without code changes
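As an added example (not taken from this page or from the ModSecurity project), the configuration below shows the SecRule language, audit logging and virtual patching working together. It assumes a legacy endpoint `/app/report.php` whose `id` parameter must be a single integer; the path, parameter name, log path and rule IDs are all constructed for illustration.

```apache
# Added example: virtual patch for a hypothetical legacy endpoint.
# /app/report.php, the "id" parameter, the log path and the rule IDs
# are assumptions, not values from the page.

# Start with DetectionOnly to observe matches without blocking,
# then switch to On once the rules are known not to hit valid traffic.
SecRuleEngine On
SecRequestBodyAccess On

# Audit logging: keep a forensic record of transactions that triggered a rule.
SecAuditEngine RelevantOnly
SecAuditLogParts ABIJDEFHZ
SecAuditLog /var/log/modsec_audit.log

# Rule 1: "id" must be present exactly once. The & prefix counts how many
# times the variable occurs, so this catches both a missing parameter and
# a duplicated one.
SecRule REQUEST_FILENAME "@streq /app/report.php" \
    "id:10001,phase:2,deny,status:403,log,auditlog,\
    t:none,t:normalizePath,\
    msg:'Virtual patch: id must appear exactly once',\
    tag:'virtual-patch',chain"
    SecRule &ARGS:id "!@eq 1" "t:none"

# Rule 2: positive security model for the value. Anything that is not
# 1 to 10 decimal digits is denied before it reaches the application.
SecRule REQUEST_FILENAME "@streq /app/report.php" \
    "id:10002,phase:2,deny,status:403,log,auditlog,\
    t:none,t:normalizePath,\
    msg:'Virtual patch: non-numeric id on report.php',\
    tag:'virtual-patch',chain"
    SecRule ARGS:id "!@rx ^[0-9]{1,10}$" "t:none"
```

Rule 2 alone would not fire when `id` is absent, because a chained rule with no variable to inspect does not match; rule 1 covers that case.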

ModSecurity is often used as:

  • Primary WAF for organizations with security expertise
  • Learning tool for understanding WAF concepts
  • Basis for commercial WAF products
  • Defense layer for legacy applications