ModSecurity is a standard webserver defense, leveraging pre-defined rules that prevent scores of Web-based attacks, which can be both automated and manual. Over the years, ModSecurity has been maintained by a large community of developers, rule writers, and engineers from Trustwave. Yet, for the longest time it was only available for Apache.
Granted, Apache is widely used online, and is the world’s largest webserver platform. But plenty of IIS and Nginx deployments exist online, and many have been targeted by attacks that would have been stopped by even the most basic of ModSecurity rules. Now, server admins have the option to layer their defenses and enjoy the benefits of a Web Application Firewall for free.