Documentation

Reference Documentation: v2.5.12

• HTML, one page per chapter
• HTML, all on one page
• PDF

Data Format Documentation: v2.5.12

• HTML, all on one page
• PDF

Other Documentation

• ModSecurity 1.x to 2.x Migration Matrix
• ModSecurity FAQ

Books

ModSecurity Handbook is "The definitive guide to the popular open source web application firewall", written by Ivan Ristic. The book is available now for pre-order from Feisty Duck with immediate early access to the digital version which is continually updated.

Apache Security is a comprehensive Apache Security resource, written by Ivan Ristic for O'Reilly. Two chapters (Apache Installation and Configuration and PHP) are available as free download, as are the Apache security tools created for the book.

Preventing Web Attacks with Apache. Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against.

Contributed Documentation

• ModSecurity for Apache 2.1.0 Reference Manual in Turkish (Bunyamin Demir)

Our articles

1. Securing Web Services with ModSecurity 2 (May 18, 2007)
2. Ajax Fingerprinting and Filtering with ModSecurity 2 (May 18, 2007)
3. What's New in ModSecurity (December 1, 2005), overview of the features new to ModSecurity 1.9. Published on O'Reilly Network.
4. Introducing mod_security (November 26, 2003). Published on O'Reilly Network.
5. Web Security Appliance With Apache and mod_security (October 21, 2003). Published on SecurityFocus.

External articles

1. Protegendo Webservers (apache) com o Mod_Security no FreeBSD (Portuguese; Vomicae Alan)
2. ModSecurity for Apache 1.9 Reference Manual in Turkish (Bedirhan Urgun)
3. ModSecurity article in O3 Magazine
4. Advanced Web Application Defense with ModSecurity (ZIP, Daniel Fernandez Bleda & Christian Martorella)
5. Introduction to ModSecurity (Persian, translated by Alan Baghumian)
6. Securing Web Services with mod_security (Shreeraj Shah for O'Reilly Network)
7. Firewall de Aplicaciones con Mod_Security (Spanish, Christian Martorella)
8. Apache + mod_ssl + mod_security + PHP4 installation guide (Spanish; Jose Alonso Cardenaz Marguez)
9. Locking down your Apache Web Server with mod_security (PPT; Hans Kind, FlyingServers)
10. mod_security for protecting your blog (Anil, Six Apart)
11. blacklist_to_modsec.pl (Peter R. Wood)
12. The 80/20 Rule for Web Application Security (Jeremiah Grossman, WASC)
13. Defending Web Services using ModSecurity (Shreeraj Shah, InfosecWriters)
14. An introduction to mod_security (Atomic Playboy)
15. mod_security rule generator (Noel Jackson)
16. Enhancing Apache with mod_security (Joel A. Gallegos, FedoraNEWS)
17. ModSecurity - An Intrusion Prevention Module for Apache (PDF, Ryan C. Barnett, SANS)
18. Better Living Through Mod Security by Dhillon A. K. Introduces a PHP utility that parses the audit log and puts it into the database.
19. ModSecurity documentation in Japanese by Hiroe.