Mod security is a free Web Application Firewall (WAF) that works with Apache, Nginx and IIS.

It supports a flexible rule engine to perform simple and complex operations and comes with a Core Rule Set (CRS) which has rules for SQL injection, cross site scripting, Trojans, bad user agents, session hijacking and a lot of other exploits.

Configure mod_security

Excluding Hosts and Directories

Installing mod_security

Setting Up Rules

Testing SQL Injection

Writing Your Own mod_security Rules

• ModSecurity project home page

• Official ModSecurity documentation

• How To Set Up mod_security with Apache on Debian/Ubuntu

• Linux ModSecurity Introduction and Install guide