You asked for it, you waited for it, and now it's finally here. The long‑awaited ModSecurity 3.0 is available now. ModSecurity 3.0 is a complete rewrite of ModSecurity, and is the first version to work natively with NGINX. ModSecurity 3.0 loads into NGINX as a dynamic module.
ModSecurity is the world’s most widely deployed web application firewall (WAF), used by more than a million websites. ModSecurity protects applications against a broad range of Layer 7 attacks, such as SQL injection (SQLi), local file inclusion (LFI), and cross‑site scripting (XSS). ModSecurity is open source software and is backed by a strong, enthusiastic community.
A brief history of the ModSecurity project
How ModSecurity stops Layer 7 attacks
What’s changed with ModSecurity 3.0 and how it integrates with NGINX
How to install and configure ModSecurity with both open source NGINX and NGINX Plus
Faisal Memon
Software Engineer