ModSecurity icon
ModSecurity icon

ModSecurity

 2 likes

ModSecurity is an open source web application firewall. Working embedded in the web server, or standalone as a network appliance, it detects and prevents attacks against web applications.

License model

  • FreeOpen Source

Application type

Country of Origin

  • US flagUnited States

Platforms

  • Mac
  • Windows
  • Linux
  • BSD
  • Self-Hosted
1 / 5 Avg rating (1)
2likes
1comment
0news articles

Features

Suggest and vote on features
  1.  Embeddable
  2.  Traffic Monitoring
  3.  Firewall

 Tags

ModSecurity News & Activities

Highlights All activities

Recent activities

No activities found.

ModSecurity information

  • Developed by

    US flagTrustwave's SpiderLabs Team
  • Licensing

    Open Source (Apache-2.0) and Free product.
  • Written in

  • Alternatives

    7 alternatives listed
  • Supported Languages

    • English

AlternativeTo Categories

Security & PrivacyNetwork & Admin

GitHub repository

  •  8,910 Stars
  •  1,665 Forks
  •  254 Open Issues
  •   Updated Jun 11, 2025 
View on GitHub

Our users have written 1 comments and reviews about ModSecurity, and it has gotten 2 likes

ModSecurity was added to AlternativeTo by kscalvert on Jan 25, 2014 and this page was last updated Feb 28, 2023.

Comments and Reviews

   
 Post comment/review
Top Negative Comment
AnthonyV
Mar 3, 2020
0

My web host NameCheap uses Mod_Security and I must say that I have developed an extremely STRONG dislike for Mod_Security.

It is very possible that Mod_Security has done piles to protect my websites but I have zero evidence of that.

On the other hand, I have piles of evidence of Mod_Security breaking my websites in absolutely insane ways. Today my website broke for a user when they attempted to enter a comment that had "Fred (not Jane) " buried in it. Previously another site I host died because a user dared to upload a post that contained the string "sleep" followed by an "(". I have many examples besides those.

In all cases, Mod_Security simply breaks the web application causing it to fail in ways that are completely meaningless to users. Why should a post that contains "dangerous" data return a 404 error? A 404 error means that the website is broken. Could it not return a more useful server message? Due to the way that Mod_Security breaks your web application users might encounter odd javascript messages or other server failure messages. In all cases, your website appears busted with zero diagnostic options.

Therefore your user legitimately concludes that your website is broken. That makes for very poor customer service.

In addition, there are ZERO notification options for the site owner and some ISPs provide no logs that a website owner can examine. This means that unless your clients are willing to tell you that your website is broken, and explain exactly how they broke it, then you will never find out. Other clients will simply assume that you run a shoddy website and move on.

It is possible that NameCheap's implementation of Mod_Security is problematic but right now I am looking for Mod_Security fixes or alternatives.

What is ModSecurity?

ModSecurity is an open source web application firewall. Working embedded in the web server, or standalone as a network appliance, it detects and prevents attacks against web applications.

Official Links