ModSecurity Rules from Trustwave® SpiderLabs®

The ModSecurity Web application firewall (WAF) engine provides powerful protection against threats to data via applications. However, in order to become really effective, ModSecurity must be configured with rules that help it recognize threats and defend against them. Trustwave® SpiderLabs® provides a commercial certified rule set for ModSecurity v2.9 and above that protects against known attacks that target vulnerabilities in public software.

ModSecurity Rules from Trustwave® SpiderLabs® complement the open source OWASP ModSecurity Core Rules Set (CRS) by enhancing the basic payload protection offered by CRS. But CRS does not correlate specific attack vector locations (such as URL and parameters) from publicly disclosed vulnerabilities. This is where ModSecurity Rules from Trustwave® SpiderLabs® can help; these rules create custom virtual patches for public vulnerabilities.

Trustwave® SpiderLabs® correlates data from numerous sources to generate the commercial rules, automatically updating daily and as needed.

  1. Public vulnerability data such as Exploit-DB and National Vulnerability Database (NVD)
  2. Honeypot systems such as the WASC Distributed Web Honeypot Project (
  3. Trustwave® WAF Customer Data Analysis

ModSecurity Rules from Trustwave® SpiderLabs®

In order to use the commerical SpiderLabs ModSecurity ruleset, you MUST be running at least ModSecurity v2.9 (which includes the SecRemoteRules directive). The number of required licenses is based upon the number of ModSecurity instances in use. One license must be purchased for each installation of ModSecurity.

Please contact sales if you would like to purchase or request additional information.