====== ModSecurity ======

Mod security is a free Web Application Firewall (WAF) that works with Apache, Nginx and IIS.

It supports a flexible rule engine to perform simple and complex operations and comes with a Core Rule Set (CRS) which has rules for SQL injection, cross site scripting, Trojans, bad user agents, session hijacking and a lot of other exploits. 

----


[[Ubuntu:ModSecurity:Configure mod_security|Configure mod_security]]

[[Ubuntu:ModSecurity:Excluding Hosts and Directories|Excluding Hosts and Directories]]

[[Ubuntu:ModSecurity:Installing mod_security|Installing mod_security]]

[[Ubuntu:ModSecurity:Setting Up Rules|Setting Up Rules]]

[[Ubuntu:ModSecurity:Testing SQL Injection|Testing SQL Injection]]

[[Ubuntu:ModSecurity:Writing Your Own mod_security Rules|Writing Your Own mod_security Rules]]

----

===== References =====

  * [[http://www.modsecurity.org/|ModSecurity project home page]]

  * [[https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual|Official ModSecurity documentation]]

  * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu|How To Set Up mod_security with Apache on Debian/Ubuntu]]

  * [[http://blog.supportpro.com/2009/08/mod_security-intro/|Linux ModSecurity Introduction and Install guide]]