Mod_Security is a free firewall of web-based apps (WAF) for Apache, Nginx, and IIS. This firewall represents a system of rules that help execute operations. Its task is to check all queries that come to the web server and filter those which comply with security rules.
Mod_Security is used as an Apache module which adds up abilities to detect and prevent attacks on the Web server. The mod_security module works only on the HTTP level. The module lets you analyze the actions of the HTTP protocol. In addition to detection, mod_security also supports attack prevention. Since the module is located between the client and the server, it performs the search. If the query contains malicious data, the module can decline the query.