ModSecurity

Name: ModSecurity
Rating: 1 (1 reviews)

ModSecurity is an open source web application firewall. Working embedded in the web server, or standalone as a network appliance, it detects and prevents attacks against...

Free • Open Source
Firewall

Mac
Windows
Linux
BSD
Self-Hosted

★

Avg rating of 1 (1)| 1 comments

What is ModSecurity?

ModSecurity is an open source web application firewall. Working embedded in the web server, or standalone as a network appliance, it detects and prevents attacks against web applications.

show full description ▾

Official Links

ModSecurity Screenshots

Add a screenshot

Suggest and vote on features

ModSecurity Features

ModSecurity information

Developed byTrustwave's SpiderLabs Team
LicensingOpen Source (Apache-2.0) and Free product.
Written in
C++
Alternatives7 alternatives listed

Supported Languages

English

GitHub repository

6,418 Stars
1,441 Forks
177 Open Issues
Updated

View on GitHub

Popular alternatives

View all

Our users have written 1 comments and reviews about ModSecurity, and it has gotten 2 likes

ModSecurity was added to AlternativeTo by kscalvert on and this page was last updated .

Comments and Reviews Post a comment/review

all • positive • negative relevance • date

AnthonyV

★

Top negative comment•

My web host NameCheap uses Mod_Security and I must say that I have developed an extremely STRONG dislike for Mod_Security.

It is very possible that Mod_Security has done piles to protect my websites but I have zero evidence of that.

On the other hand, I have piles of evidence of Mod_Security breaking my websites in absolutely insane ways. Today my website broke for a user when they attempted to enter a comment that had "Fred (not Jane) " buried in it. Previously another site I host died because a user dared to upload a post that contained the string "sleep" followed by an "(". I have many examples besides those.

In all cases, Mod_Security simply breaks the web application causing it to fail in ways that are completely meaningless to users. Why should a post that contains "dangerous" data return a 404 error? A 404 error means that the website is broken. Could it not return a more useful server message? Due to the way that Mod_Security breaks your web application users might encounter odd javascript messages or other server failure messages. In all cases, your website appears busted with zero diagnostic options.

Therefore your user legitimately concludes that your website is broken. That makes for very poor customer service.

In addition, there are ZERO notification options for the site owner and some ISPs provide no logs that a website owner can examine. This means that unless your clients are willing to tell you that your website is broken, and explain exactly how they broke it, then you will never find out. Other clients will simply assume that you run a shoddy website and move on.

It is possible that NameCheap's implementation of Mod_Security is problematic but right now I am looking for Mod_Security fixes or alternatives.

Show entire comment ▾

Recent user activities on ModSecurity

st
sterno900 edited ModSecurity
ago
bilbogh added ModSecurity as alternative(s) to open-appsec
ago
Ola removed ModSecurity as alternative(s) to Cloudflare
ago