plaintext 9 lines · 1 tab

ModSecurity WAF rules for common web attack patterns

Kai Nakamura Apr 2026
1 tab
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off

SecRule ARGS|REQUEST_HEADERS|XML:/* "@detectSQLi" \
  "id:1001,phase:2,deny,status:403,log,msg:'Potential SQLi detected'"

SecRule ARGS|REQUEST_HEADERS|XML:/* "@detectXSS" \
  "id:1002,phase:2,deny,status:403,log,msg:'Potential XSS detected'"
1 file · plaintext Explain with highlit

A WAF is not a license to ignore secure coding, but it can still buy useful time and visibility. I tune rules for known attack classes and watch false positives aggressively during rollout. Managed poorly, a WAF becomes operational pain; managed well, it becomes a meaningful friction layer.

Share this code

Here's the card — post it anywhere.

ModSecurity WAF rules for common web attack patterns — share card
Link copied