ModSecurity (also known as ModSec) is an open-source web application firewall (WAF). It is implemented to protect sites and applications against many common attacks, including XSS, code injection, etc.
70% of all attacks are carried out through the application level of the web. Thus, implementing a WAF would be helpful for organizations in ensuring system security.
It establishes an extra security layer that increases the protection level of web servers, detects, and prevents attacks before they reach web application programs.
Initially, ModSecurity was a module for Apache web servers, and with time, it grew to a full-fledged web application firewall with support for different platforms, including Apache, Nginx, and IIS.
They work on the application layer (the 7th layer in the OSI model).
It examines the incoming requests, compares them to patterns described in the rules in the ruleset, and takes actions on the requests based on the results of the tests. If the check succeeds, the HTTP request is passed to the website to retrieve the content. If not, pre-defined actions are performed.
It has a flexible rule engine to perform simple and complex operations and comes with a Core Rule Set (CRS).
And the most popular one among those is the OWASP ModSecurity Core Rule Set, which is updated regularly and can block a wide range of generic attacks, including OWASP’s top-ten list of critical vulnerabilities.
Click here to learn more about ModSecurity installation Guide for Apache on Ubuntu