PickYourTechPickYourTech home
ModSecurity logo

ModSecurity

High-performance, language-agnostic security engine for web traffic

WAF & API Security

Libmodsecurity is a C/C++ library that parses ModSecurity SecRules, applies them to HTTP requests via pluggable connectors, delivering faster, Apache-free web application firewall capabilities across platforms.

ModSecurity banner

Overview

Overview

Libmodsecurity is the core library of the ModSecurity v3 project, offering a language‑agnostic engine that parses SecRule files and evaluates HTTP traffic. It is aimed at developers and security engineers who need a programmable web‑application firewall that can be embedded into any server environment.

Capabilities

The library provides both C and C++ APIs with identical feature sets, allowing applications to load rule sets from files or URIs, process connections, and trigger interventions. By removing all Apache dependencies, it delivers higher throughput and a modular architecture where separate connector projects (e.g., ModSecurity‑nginx) handle the web‑server interface. Optional components such as libinjection and curl enable advanced operators like @detectXSS, @detectSQL, and remote rule fetching. Comprehensive unit and regression tests, along with SonarCloud quality badges, ensure reliability. Documentation is generated via Doxygen, giving developers ready‑to‑use examples and API references.

Highlights

Apache-independent core for true platform portability
C and C++ APIs with identical functionality
Dynamic rule loading from SecRule files or URIs
Designed for high-throughput processing with modern C++17

Pros

  • Higher performance due to removal of Apache overhead
  • Modular architecture separates connectors, allowing independent updates
  • Supports JSON audit logs and future extensions
  • Comprehensive test suite and SonarCloud quality metrics

Considerations

  • Requires separate connector projects for each web server
  • Optional dependencies (libpcre, libXML2) needed for full rule set
  • C++17 requirement may limit older compiler environments
  • Learning curve for integrating custom connectors

Managed products teams compare with

When teams consider ModSecurity, these hosted platforms usually appear on the same shortlist.

AWS WAF logo

AWS WAF

Web Application Firewall that protects web applications and APIs from common exploits and attacks by defining security rules

Azure Web Application Firewall logo

Azure Web Application Firewall

Cloud-native WAF service that protects web apps from common attacks (SQL injection, XSS) by filtering malicious HTTP/S traffic

Sophos logo

Sophos

Unified threat management and endpoint security

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • Security teams needing a customizable, high-performance WAF engine
  • Developers building web services on Nginx, IIS, or custom servers
  • Organizations that want to avoid Apache-specific modules
  • Projects that require programmatic rule management via C/C++

Not ideal when

  • Environments that rely solely on the legacy ModSecurity v2 Apache module
  • Teams without C/C++ development expertise
  • Deployments where a single-binary module is preferred over separate connectors
  • Systems lacking required optional libraries for advanced operators

How teams use it

Integrate WAF into a custom C++ microservice

Real-time request inspection using SecRules without an external web server module

Add ModSecurity protection to Nginx

Leverage the ModSecurity-nginx connector to enforce rule sets at the edge

Implement custom logging for security events

Use the C++ API to plug in a JSON logger that meets compliance needs

Deploy rule updates from a remote repository

Utilize SecRemoteRules directive (with curl) to fetch and apply new policies automatically

Tech snapshot

C++94%
M45%
Makefile1%
CMake1%
Shell1%
C1%

Tags

wafapachemodsecuritynginxapache2

Frequently asked questions

Do I need Apache to use libmodsecurity?

No, the library has no Apache dependencies; connectors handle web-server integration.

Which programming languages can I use?

Both C and C++ interfaces are provided, offering identical functionality.

How are web-server specific modules handled?

Each server (e.g., Nginx, IIS) has its own connector repository, allowing independent release cycles.

What optional libraries enable extra operators?

libinjection for @detectXSS/@detectSQL and curl for SecRemoteRules; missing them disables those features.

Where can I find API documentation?

Run Doxygen with the supplied configuration to generate HTML docs from the code comments.

Project at a glance

Active
Visit siteView repo
Stars
9,458
Watchers
9,458
Forks
1,714
LicenseApache-2.0
Repo age14 years old
Last commit3 days ago
Primary languageC++

Last synced 3 hours ago