Pre-Packaged, Binary Installation
The easiest method of installing ModSecurity is to use your existing OS Package Manager application (Yum or Aptitude) to install it from your default OS Repository.
Installation – Ubuntu/Debian
$ sudo apt-get install libapache2-mod-security
$ sudo a2enmod mod-security
$ sudo /etc/init.d/apache2 force-reload
Installation – Fedora/CentOS
$ sudo yum install mod_security
$ sudo /etc/init.d/httpd restart
Installation – Microsoft IIS (MSI Installer)
- ModSecurity v2.9.1 for IIS MSI Installer – 32bits (sha256)
- ModSecurity v2.9.1 for IIS MSI Installer – 64bits (sha256)
Source Code Downloads
ModSecurity is an open source product licensed under ASLv2. It comes with full source code and documentation. Current releases are signed by Breno Silva. These public keys are available via most PGP key server mirrors.
ModSecurity for Apache (Stable Release Quality)
ModSecurity for Nginx
NOTE: The Nginx module is contained within the Apache archive package. You must first compile ModSecurity with the –enable-standalone-moduleflag and then compile the Nginx code to use it. See the Blog post for more information.
NOTE: Some instabilities in the Nginx add-on have been reported (see the Github issues page for details). Please use the “nginx_refactoring” branch where possible for the most up to date version and stay tuned for the ModSecurity version 4.