Download
ModSecurity-nginx is the connector that embeds the ModSecurity v3 (libmodsecurity) web application firewall engine into NGINX. It integrates WAF processing into the NGINX request/response phases, allowing rules to inspect headers, bodies, and even streaming request data before it reaches upstream apps. Operators can load the OWASP Core Rule Set or custom rules to detect and block common attacks such as SQLi, XSS, RCE patterns, and protocol anomalies. The module exposes directives for enabling audit logging, anomaly scoring, request body buffering limits, and performance tuning to fit high-traffic deployments. Because it’s a native NGINX module, it benefits from NGINX’s event-driven architecture and can be compiled as a dynamic module for flexible packaging. In practice, it provides a portable, policy-driven security layer at the edge without modifying application code.
Features
- Nginx module providing integration with libmodsecurity (ModSecurity v3)
- Acts as communication channel between Nginx and the WAF engine
- Enables use of ModSecurity rule engine within Nginx deployments
- Requires separate installation of libmodsecurity
- Licensed under Apache-2.0 for open-source use
- Extensible to support OWASP Core Rule Set and other custom rulesets
Project Samples
