Huihoo - ModSecurity - Open Source Web Application Firewall

ModSecurity - Open Source Web Application Firewall

(Back to docs.huihoo.com)

Introduction

ModSecurity is an intrusion detection and prevention engine for Web applications (sometimes called a Web application firewall). Operating embedded or as part of an Apache reverse proxy, it increases Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure. It monitors HTTP traffic (including POST payloads), detects or prevents attacks, enhances logging, performs anti-evasion, and allows administrators to create custom rules to suit their specific needs. It excels in HTTP traffic monitoring and just-in-time vulnerability patching.

ModSecurity Console is a real-time monitoring and log agreggation solution for ModSecurity. It is a self-contained package (it consists of an event-collecting daemon, Web server, and database engine) written in pure Java (can be deployed on any platform that supports JRE 1.4 or better). Features include secure log centralization, alert management and notification, customizable reporting, and DNS and geographic IP resolution. It supports up to three ModSecurity sensors.