Some time ago i promised (thanks to christian folini for his request)

to publish on this list the WAFSEC 1.0 evaluation matrix for mod_security that I had made some time ago. It is here:



My evaluation work is based on using mod_security, together with the REMO policy engine and the jwall audit console.

Comments are welcome. Moreover, if it might be worthwhile, I give right now to mod_security developers the rights to publish this the document, all or in part, on the project web site, eventually  integrated and corrected.


I hope this document could be useful to someone, and not so wrong in the content.


Best Regards