Accept cookies for analytics, social media, and advertising, or learn more and adjust your preferences. These cookies are on by default for visitors outside the UK and EEA. Privacy Notice.
A brief history of the ModSecurity project
How ModSecurity stops Layer 7 attacks
What’s changed with ModSecurity 3.0 and how it integrates with NGINX
How to install and configure ModSecurity with both NGINX Open Source and NGINX Plus
You asked for it, you waited for it, and now it’s finally here. The long‑awaited ModSecurity 3.0 is available now. ModSecurity 3.0 is a complete rewrite of ModSecurity, and is the first version to work natively with NGINX. ModSecurity 3.0 loads into NGINX as a dynamic module.
ModSecurity is the world’s most widely deployed web application firewall (WAF), used by more than a million websites. ModSecurity protects applications against a broad range of Layer 7 attacks, such as SQL injection (SQLi), local file inclusion (LFI), and cross‑site scripting (XSS). ModSecurity is open source software and is backed by a strong, enthusiastic community.
