ModSecurity can process events as a host-based intrusion detection system (HIDS) or intrusion prevention system (IPS) application depending on how you configure it. Instead of siphoning sensitive data, attempted cyber attackers will be blocked by ModSecurity with a 403 error. Some even use ModSecurity for PCI compliance. It operates as a signature-based firewall, capable of blocking cross-site scripting (XSS), brute force attacks, and known code injection attacks for dynamic websites that depend on SQL and PHP. One of the most popular Apache security modules is ModSecurity.
The Apache web server software can be customized to suit your needs with many third party modules.
