ModSecurity is an open-source web application firewall and security engine. It functions as an HTTP traffic inspector and intrusion detection system that filters incoming web requests and responses against a set of security rules to block threats and prevent attacks on web servers.
owasp-modsecurity/modsecurity 的主要功能包括:HTTP Request Filtering, Web Application Firewalls, Injection Attacks, Network Traffic Inspectors, Injection Prevention, Intrusion Detection Systems, Web Server Hardening, Web Application Security。
owasp-modsecurity/modsecurity 的开源替代品包括: bunkerity/bunkerized-nginx — Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web… owasp/top10 — This project is a web application security standard and vulnerability framework. It provides a comprehensive list of… bunkerity/bunkerweb — BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall… yandex/gixy — Gixy is a static configuration analyzer and security auditor for Nginx. It functions as an infrastructure-as-code… codeigniter4/codeigniter4 — CodeIgniter is a PHP web framework built on the Model-View-Controller pattern, designed for building full-stack web… perwendel/spark — Spark is a lightweight Java web framework and embedded server designed for building web applications with minimal…
Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo
This project is a web application security standard and vulnerability framework. It provides a comprehensive list of the most critical security risks facing web applications, paired with technical guidance and a structured methodology for identifying and mitigating these flaws. The framework functions as a secure coding guide and a risk assessment methodology, offering a standardized approach to prioritizing vulnerabilities based on their potential impact and likelihood of exploitation. It defines architectural patterns and technical recommendations to help developers implement defense in dep
BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall and Nginx reverse proxy. It provides a security layer for web applications, combining traffic routing with automated SSL certificate management and a web-based security dashboard for monitoring and configuration. The project distinguishes itself through its deep integration with container orchestrators, serving as a Kubernetes ingress controller that automates security settings and service discovery via container labels. It features a plugin-based extension model and a manageme
Gixy is a static configuration analyzer and security auditor for Nginx. It functions as an infrastructure-as-code security scanner and web server configuration linter designed to identify vulnerabilities and misconfigurations in server definitions before deployment. The tool focuses on detecting high-risk security flaws, including host header spoofing, server-side request forgery, and path traversal. It specifically audits Nginx configurations for risks such as HTTP splitting, multiline header issues, and unauthorized third-party access resulting from incorrect Referer or Origin header patter