See also lua-resty-waf, WAF

The industry-standard web application firewall for apache. We have hundreds of custom rules and submit patches upstream to the project.

mod_security

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. - https://github.com/SpiderLabs/ModSecurity

Trustwave is announcing the transfer of ModSecurity custodianship to OWASP effective January 25, 2024.

The full Trustwave announcement is available here: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-transfers-modsecurity-custodianship-to-the-open-worldwide-application-security-project

The OWASP announcement is available here: https://owasp.org/blog/2024/01/09/ModSecurity.html

Trustwave has previously stopped the sale of Trustwave support for ModSecurity in August of 2021.

For further details have a look at: End of Sale and Trustwave Support for ModSecurity Web Application Firewall

The GitHub project page is available here: https://www.github.com/SpiderLabs/ModSecurity

• https://modsecurity.org
• https://coreruleset.org
• https://help.dreamhost.com/hc/en-us/articles/215947927-Enabling-the-Web-Application-Firewall
• https://www.dokuwiki.org/faq:mod_security