ModSecurity is the standard open-source web application firewall (WAF) engine. Originally designed as a module for the Apache HTTP Server, it has evolved to provide HTTP request and response filtering capabilities across a number of different platforms including Apache HTTP Server, Microsoft IIS and Nginx. It is free software released under the Apache license 2.0 and remains the most widespread open source web application firewall engine used by businesses, government organizations, internet service providers and commercial WAF vendors alike.
The OWASP ModSecurity project provides the WAF engine. The engine is usually coupled with
OWASP CRS, the dominant WAF rule set, that brings protection against HTTP attacks.