A web application firewall (WAF) capability provides defense of websites and web applications from hackers and malware by filtering and monitoring HTTP traffic between a web app and the Internet. The WAF protects against a variety of application layer attacks including credential theft, code injection, cross-site scripting (XSS), cookie poisoning, CSRF, SQL injection, DoS, ransomware, and more. ModSecurity, sometimes referred to as ModSec, is an open-source web security framework that when combined with rules allows users to build WAFs for free.
Atomicorp offers three solutions for your ModSecurity and WAF needs ranging from free ModSecurity rules to commercial turnkey WAF virtual appliances:
Trustwave Discontinues ModSecurity Support
Trustwave announced in August 2021 that it would no longer be supporting ModSecurity. Trustwave also set a date for end-of-support for its ModSecurity rule set. The move leaves Atomicorp as the primary commercial ModSecurity rules provider in the industry. Atomicorp will continue its 17-year commitment to the still quite active ModSec user community.
“We’ve been with ModSecurity the longest – since the very beginning – and we are committed to continue to enthusiastically support it for the foreseeable future. We are more than happy to support Trustwave ModSecurity users, whether they wish to keep the Trustwave rules or upgrade to an Atomicorp commercial rules feed.” — Michael Shinn, the founder and CEO of Atomicorp.
Read the press release.
ModSecurity Comparison
| Feature | Free ModSecurity Rules | Atomic ModSecurity Rules | Atomic WAF |
|---|---|---|---|
| Cost | Free | $225 per server per year. Bulk discounts avail. | $300 per IP/Server. Bulk discounts avail. |
| Enterprise-level Support | |||
| Number of Rules | Hundreds | Thousands | Thousands |
| Supports Unlimited Custom Rules | |||
| Update Frequency | Periodically | Daily | Daily |
| Response Time for False Positives | Community support | Within the hour | Within the hour |
| Support Model | Community | 24/7/365 | 24/7/365 |
| Basic Attack Blocking | |||
| Scanner Blocker | |||
| Proxy Abuse | |||
| Custom White/Blacklists | |||
| Supports Third Party RBLs | |||
| Easy Geoblocking | |||
| Virtual Patches | |||
| PageRank Protection | |||
| Brute Force Attacks | |||
| Advanced Attacks Blocked (SSRF, XXE) | |||
| Data Loss Prevention | |||
| Realtime Malware Protection | |||
| Content Scraping Protection | |||
| Layer 7 DOS Protection | |||
| Realtime Malware Removal System | |||
| Automatic Whitelisting | |||
| Machine Learning | |||
| AntiSpam Protection | |||
| Real Time Threat Intelligence | |||
| Management Console | |||
| Rules Editing | Command Line | Command Line | GUI |
| Management Reports | |||
| Compliance Reports | |||
| Role based access control GUI | |||
| MFA SSO integration in GUI | |||
| Cloudflare Integration | |||
| Included Software | Rules only | Modsecurity, Rule Updater, Rules, Libraries | Modsecurity, Rule Updater, Rules, Libraries, Full management GUI and CWPP for appliance |
| Setup Process | Manual | One Step Automated | One Step Automated |
| Update Process | Manual | Automated | Automated |
Read Our Solution Brief for WAF and Web Application Security
Attacks come virtually, across the cloud and internet, putting your communicative web entities at risk. Secure your web servers, websites, endpoints, and data, with Atomicorp zero trust cloud workload protection and ModSecurity WAF.
Read the Atomicorp ModSecurity Rules and WAF solution brief.