ModSecurity Trustwave

Documentation

Live Wiki Documentation

The Wiki Documentation will always be the most up-to-date.

Books

ModSecurity Handbook cover

ModSecurity Handbook is "The definitive guide to the popular open source web application firewall", written by Ivan Ristic (original author of ModSecurity). The book is available from Feisty Duck in hardcopy or with immediate access to the digital version which is continually updated.

ModSecurity 2.5 cover

ModSecurity 2.5 is "A complete guide to using ModSecurity", written by Magnus Mischel. The book is available from Packt Publishing in both hardcopy and digital forms.

Apache Security cover

Apache Security is a comprehensive Apache Security resource, written by Ivan Ristic for O'Reilly. Two chapters (Apache Installation and Configuration and PHP) are available as free download, as are the Apache security tools created for the book.

Preventing Web Attacks with Apache cover

Preventing Web Attacks with Apache. Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against.

Contributed Documentation

Our articles

  1. Securing Web Services with ModSecurity 2 (May 18, 2007)
  2. Ajax Fingerprinting and Filtering with ModSecurity 2 (May 18, 2007)
  3. What's New in ModSecurity (December 1, 2005), overview of the features new to ModSecurity 1.9. Published on O'Reilly Network.
  4. Introducing mod_security (November 26, 2003). Published on O'Reilly Network.
  5. Web Security Appliance With Apache and mod_security (October 21, 2003). Published on SecurityFocus.

External articles

  1. Protegendo Webservers (apache) com o Mod_Security no FreeBSD (Portuguese; Vomicae Alan)
  2. ModSecurity for Apache 1.9 Reference Manual in Turkish (Bedirhan Urgun)
  3. ModSecurity article in O3 Magazine
  4. Advanced Web Application Defense with ModSecurity (ZIP, Daniel Fernandez Bleda & Christian Martorella)
  5. Introduction to ModSecurity (Persian, translated by Alan Baghumian)
  6. Securing Web Services with mod_security (Shreeraj Shah for O'Reilly Network)
  7. Firewall de Aplicaciones con Mod_Security (Spanish, Christian Martorella)
  8. Apache + mod_ssl + mod_security + PHP4 installation guide (Spanish; Jose Alonso Cardenaz Marguez)
  9. Locking down your Apache Web Server with mod_security (PPT; Hans Kind, FlyingServers)
  10. mod_security for protecting your blog (Anil, Six Apart)
  11. blacklist_to_modsec.pl (Peter R. Wood)
  12. The 80/20 Rule for Web Application Security (Jeremiah Grossman, WASC)
  13. Defending Web Services using ModSecurity (Shreeraj Shah, InfosecWriters)
  14. An introduction to mod_security (Atomic Playboy)
  15. mod_security rule generator (Noel Jackson)
  16. Enhancing Apache with mod_security (Joel A. Gallegos, FedoraNEWS)
  17. ModSecurity - An Intrusion Prevention Module for Apache (PDF, Ryan C. Barnett, SANS)
  18. Better Living Through Mod Security by Dhillon A. K. Introduces a PHP utility that parses the audit log and puts it into the database.
  19. ModSecurity documentation in Japanese by Hiroe.