ModSecurity

ModSecurity, often referred to as ModSec, is a widely-used, open-source web application firewall (WAF). It is designed to protect web applications from various types of attacks and vulnerabilities by monitoring and filtering HTTP Protocol|HTTP traffic between a web server and clients.

ModSecurity is commonly used with the Apache HTTP server, but it does support others such as Nginx and Microsoft IIS. It operates based on rules which allows it to inspect and intercept HTTP requests and responses.

It also provides protection against common web app threats and exploits such as SQL injection, Cross-Site Scripting, Local File Inclusion and Brute Force Attack.