You are currently using the basic editor in guest mode which is limited to the 5 rules groups. Please sign up to access all the features.

ModSecurity Rule Editor

Configure your web application firewall rules with ease

About Rule Groups & Recommendations

Rule Groups

Our rule groups are organized based on OWASP security categories to provide comprehensive protection:

  • Injection Protection: Guards against SQL, XSS, Command, and LDAP injection attacks
  • Access Control: Manages authentication, authorization, and session security
  • Data Protection: Ensures proper encryption and data integrity
  • System Security: Prevents misconfigurations and monitors system health
Recommendations
Best Practices:
  • Enable all Critical severity rules for maximum protection
  • Start with DetectionOnly mode to monitor impact
  • Review logs before enabling prevention mode
  • Customize rules based on your application's needs
Important Notes:
  • Test rules in staging before production
  • Monitor false positives and adjust accordingly
  • Keep rules updated for new threats

OWASP Core Rule Sets

Injection Protection 4 rules
SQL Injection Protection
Critical
Prevents SQL injection attacks by detecting and blocking malicious SQL patterns.
Cross-Site Scripting (XSS)
Critical
Blocks attempts to inject malicious scripts into web pages.
Command Injection
Critical
Prevents execution of unauthorized system commands.
LDAP Injection
Critical
Prevents LDAP injection attacks in directory services.
Access Control 3 rules
Broken Access Control
Critical
Prevents unauthorized access to resources and enforces proper access controls.
Authentication Failures
Critical
Prevents authentication bypass and enforces strong authentication.
Session Management
Critical
Protects against session hijacking and enforces secure session handling.
Data Protection 3 rules
Cryptographic Failures
Critical
Protects sensitive data through proper encryption and security measures.
Data Integrity
Critical
Ensures data integrity and prevents unauthorized modifications.
Sensitive Data Exposure
Critical
Prevents exposure of sensitive information in responses and logs.
System Security 3 rules
Security Misconfiguration
Critical
Prevents exploitation of security misconfigurations.
Vulnerable Components
Critical
Detects and blocks exploitation of known vulnerabilities.
Logging & Monitoring
High
Ensures proper security logging and monitoring.

Advanced Settings

Select your web server format for ModSecurity configuration
Controls whether rules are enforced or just logged
Enable/disable inspection of request body content
Enable/disable inspection of response body content

Live Preview

# Your ModSecurity configuration will appear here
Privacy Policy
Terms of Service
Refund Policy
Contact Us