ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports Apache (both branches) today, with support for Java-based servers coming soon.

Overview

ModSecurity integrates with the web server, increasing your power to deal with web attacks. Some of its features worth mentioning are:

  • Request filtering; incoming requests are analysed as they come in, and before they get handled by the web server or other modules.

  • Anti-evasion techniques; paths and parameters are normalised before analysis takes place in order to fight evasion techniques.

  • Understanding of the HTTP protocol; since the engine understands HTTP, it performs very specific and fine-grained filtering.

  • POST payload analysis; the engine will intercept the contents transmitted using the POST method, too.

  • Audit logging; full details of every request (including POST) can be logged for later analysis.

  • HTTPS filtering; since the engine is embedded in the web server, it gets access to request data after decryption takes place.
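
The anti-evasion point above is easiest to see with a rule applied twice, once to the raw request and once after normalisation. The following Python example is added here as an illustration and is not ModSecurity code; the deny rule, the normalisation steps chosen and the sample request strings are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

# Hypothetical deny rule (constructed): flag any request that references this file.
RULE = re.compile(r"/etc/passwd")

def normalise(request: str) -> str:
    """Reduce a request string to one canonical form before rules are applied."""
    request = unquote(request)               # decode %xx escapes
    request = request.replace("\\", "/")     # treat backslash and slash alike
    request = re.sub(r"/{2,}", "/", request)  # collapse runs of slashes
    while "/./" in request:                  # drop self-referencing directories
        request = request.replace("/./", "/")
    return request

def raw_match(request: str) -> bool:
    """Apply the rule to the request exactly as received."""
    return bool(RULE.search(request))

def normalised_match(request: str) -> bool:
    """Apply the same rule after normalisation."""
    return bool(RULE.search(normalise(request)))

# Constructed sample requests: one plain, four re-spelled, one benign.
SAMPLES = [
    "/view?file=/etc/passwd",
    "/view?file=/etc//passwd",
    "/view?file=/etc/./passwd",
    "/view?file=%2Fetc%2Fpasswd",
    "/view?file=\\etc\\passwd",
    "/index.html",
]

def audit(samples):
    """Return (request, raw verdict, normalised verdict) for each sample."""
    return [(s, raw_match(s), normalised_match(s)) for s in samples]

if __name__ == "__main__":
    for request, raw, norm in audit(SAMPLES):
        print(f"{request!r:36} raw={raw!s:5} normalised={norm}")
```

The same single rule covers every spelling once the input is normalised, which is why normalisation has to run before analysis rather than being approximated by adding more patterns.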