ModSecurity Handbook Cover
Buy ebook £12
Plus VAT if you're in the EU, excl. UK
Get paperback from Amazon: .com .ca .de .fr .jp
Last update: 24 March 2012
First release: 15 March 2010
Language: English (384 pages)
ISBN: 978-1907117022
Formats: Paperback, PDF, EPUB,
     Kindle, Online; no DRM
ModSecurity Handbook
The definitive guide to the popular open source web application firewall, by Ivan Ristić, the principal author of ModSecurity
  • Step-by-step instructions for those just starting out
  • Detailed explanations of the internals and advanced techniques for seasoned users
  • Includes a comprehensive reference manual
  • Available as paperback and various digital formats (PDF, EPUB, Mobi/Kindle); no DRM
  • Also available online in our browser-based reading application
  • Online version has a reading mode that shows changes since the first edition
  • Provides full coverage of ModSecurity 2.6.x
  • Includes the official ModSecurity Reference Manual
Table of Contents
Part I: User Guide
1. Introduction 2. Installation 3. Configuration 4. Logging 5. Rule Language Overview 6. Rule Language Tutorial 7. Rule Configuration 8. Persistent Storage 9. Practical Rule Writing 10. Performance 11. Content Injection 12. Writing Rules in Lua 13. Handling XML 14. Extending Rule Language
Part II: Reference Manual
15. Directives 16. Variables 17. Transformation Functions 18. Actions 19. Operators 20. Data Formats Guide Index

About the Author

Ivan Ristić is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.

He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.


ModSecurity Handbook:
Getting Started

A free 60-page book that covers installation and initial configuration of ModSecurity. This book is based on the first 4 chapters of ModSecurity Handbook.

Additional Material

About ModSecurity

ModSecurity is a widely-deployed open source web application firewall, used by small and large organizations alike. Ivan founded ModSecurity in 2002 and ran the project until 2009. Since then he is focused on documenting the project, via his work on ModSecurity Handbook.

ModSecurity and mod_security are trademarks or registered trademarks of Trustwave Holdings, Inc.