ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.

Commercial and Community Support/Services

Trustwave's SpiderLabs Research Team leads the development of the ModSecurity project and provides many open, free and commercial services and offerings to help facilitate the community.

Commercial Services from Trustwave Trustwave offers a number of commercial offerings and services to support the ModSecurity community including:
  • ModSecurity Support - Receive phone and email support from the Trustwave Technical Assistance Center (TAC) for ModSecurity configuration questions, alert analysis questions and trouble-shooting.
  • ModSecurity Professional Services - Receive hands-on assistance directly from the SpiderLabs Research ModSecurity team for installation help, advanced/custom configurations and virtual patching.
  • ModSecurity Training - The SpiderLabs Research ModSecurity Team teaches students how to defend web applications with ModSecurity including hands-on lab activities and is available online or onsite in one, two or three-day seminars.
Community User Support Community support for ModSecurity is available on the mod-security-users mailing list. You must subscribe first in order to post. The list archives are available as News (NNTP), Threaded HTTP, Bloggy HTTP, and RSS.

NOTE: Support for the Core Rule Set has moved to a the owasp-modsecurity-core-rule-set mail list.
Community Developer Support Community developer support for ModSecurity is available on the mod-security-developers mailing list. You must subscribe first in order to post. The list archives are available as Developer Archives,
General Questions, Comments and Bug Reports If you believe you have encountered a bug in ModSecurity, please first check in our Issues (which tracks both defects and requested/planned improvements, starting with version 2.5.6).

If you have a general question or comment about the website or other hosted applications please submit it to support/
Security We take security very seriously! If you need to report a security problem please write to security/

Support Request Checklist

There is a detailed Support request checklist document, which lists all the information that may be needed to successfully resolve your problem.