ModSecurity is an open source web application firewall. Working embedded in the web server, or standalone as a network appliance, it detects and prevents attacks against...
- Free • Open Source
What is ModSecurity?
ModSecurity is an open source web application firewall. Working embedded in the web server, or standalone as a network appliance, it detects and prevents attacks against web applications.
- 6,418 Stars
- 1,441 Forks
- 177 Open Issues
Comments and Reviews
- Web Application Security
CategoriesSecurity & Privacy • Network & Admin
Recent user activities on ModSecurity
- sterno900 edited ModSecurityst
- bilbogh added ModSecurity as alternative(s) to open-appsec
- Ola removed ModSecurity as alternative(s) to Cloudflare
My web host NameCheap uses Mod_Security and I must say that I have developed an extremely STRONG dislike for Mod_Security.
It is very possible that Mod_Security has done piles to protect my websites but I have zero evidence of that.
On the other hand, I have piles of evidence of Mod_Security breaking my websites in absolutely insane ways. Today my website broke for a user when they attempted to enter a comment that had "Fred (not Jane) " buried in it. Previously another site I host died because a user dared to upload a post that contained the string "sleep" followed by an "(". I have many examples besides those.
Therefore your user legitimately concludes that your website is broken. That makes for very poor customer service.
In addition, there are ZERO notification options for the site owner and some ISPs provide no logs that a website owner can examine. This means that unless your clients are willing to tell you that your website is broken, and explain exactly how they broke it, then you will never find out. Other clients will simply assume that you run a shoddy website and move on.
It is possible that NameCheap's implementation of Mod_Security is problematic but right now I am looking for Mod_Security fixes or alternatives.