ModSecurity is a versatile open source web application firewall (WAF) for Apache HTTP servers. It protects your web applications against most common attacks through real-time monitoring and analysis of HTTP traffic, including logging.
ModSecurity processes requests in 5 phases. In each phase it can respond to a different type of security threat, from analysis of the request sent to the server, i.e. detection of a malicious request (e.g. SQL injection), to analysis of the server's response (e.g. detection of authentication attacks).
After receiving a request, ModSecurity analyzes the data and responds according to predefined rules.
ModSecurity provides protection against brute-force attacks on CMS applications (Joomla, WordPress, etc.) or other web applications that use user authentication (login). The protection works by blocking the user after multiple unsuccessful login attempts.
It adds protection against threats that the application's authors either did not think about during development or that would be demanding on server resources if handled at the application level. This covers threats such as SQL injection, brute-force attacks, etc.
The web server itself does not log all of the traffic information needed for security purposes. ModSecurity can record everything, for example the raw transaction data needed for forensic analysis. You can also choose which transactions (or which parts of them) to record or sanitize.
Continuous passive security assessment focuses on monitoring the behavior of the system itself. This makes it possible to detect abnormalities and security weaknesses before they can be misused.
ModSecurity enables real-time security monitoring thanks to direct access to HTTP traffic, including the ability to control it.
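The brute-force protection described above (blocking after multiple unsuccessful login attempts) can be written as ModSecurity 2.x rules that work in two of the processing phases; this is an added example, not configuration from the original page. The rule ids, the thresholds, the `/wp-login.php` path and the assumption that a failed login is answered with status 200 are illustrative choices.

```apache
# Added example for ModSecurity 2.x on Apache.
# Assumed prerequisites: SecRuleEngine On, and SecDataDir set to a writable
# directory (persistent collections are stored there).

# Phase 1 (request headers): open a per-client persistent collection,
# keyed by the source address.
SecAction "id:900100,phase:1,pass,nolog,initcol:ip=%{REMOTE_ADDR}"

# Phase 1: refuse login requests from a client that is currently flagged.
# The URL is matched in the rule itself because phase 1 rules cannot rely
# on <Location> scoping.
SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
    "id:900101,phase:1,deny,status:403,log,msg:'Login blocked after repeated failures',chain"
    SecRule IP:BF_BLOCK "@eq 1"

# Phase 5 (logging): count failed logins once the response status is known.
# Assumption: a failed login POST is answered with 200 (the form is shown
# again) and a successful one with a redirect, as WordPress does.
# The setvar sits on the last rule so it runs only when the whole chain matches.
SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
    "id:900102,phase:5,pass,nolog,chain"
    SecRule REQUEST_METHOD "@streq POST" "chain"
        SecRule RESPONSE_STATUS "@streq 200" \
            "setvar:ip.bf_counter=+1,expirevar:ip.bf_counter=300"

# Phase 5: five failures inside the 300-second window flag the client for
# 600 seconds and reset the counter.
SecRule IP:BF_COUNTER "@ge 5" \
    "id:900103,phase:5,pass,log,msg:'Login failure threshold reached',setvar:ip.bf_block=1,expirevar:ip.bf_block=600,setvar:!ip.bf_counter"
```

Because the counter is keyed by source address, clients behind a shared proxy or NAT share one counter, so the threshold should be tuned to the site's real traffic.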