# Install modsecurity with Homebrew, apt, zypper

Libmodsecurity is one component of the ModSecurity v3 project. Version 3.0.16 via Homebrew; verified 2026-06-29.

## Install

```sh
sudo av install brew:modsecurity
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install modsecurity
```

  Evidence: local Homebrew formula metadata

### Linux

- Debian apt (92%):

```sh
sudo apt install libmodsecurity-dev
```

  Evidence: Debian stable package indexes: libmodsecurity-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- zypper (92%):

```sh
sudo zypper install libmodsecurity3
```

  Evidence: openSUSE Tumbleweed package metadata: libmodsecurity3 from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:modsecurity
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/modsecurity>
- **Version:** 3.0.16
- **Source summary:** Libmodsecurity is one component of the ModSecurity v3 project
- **Homepage:** <https://github.com/owasp-modsecurity/ModSecurity>
- **Repository:** <https://github.com/owasp-modsecurity/ModSecurity>
- **Upstream docs:** <https://github.com/owasp-modsecurity/ModSecurity#readme>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/owasp-modsecurity/ModSecurity/releases/download/v3.0.16/modsecurity-v3.0.16.tar.gz>
- **Last updated:** 2026-06-29T22:26:54Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- modsec-rules-check (cli)
- modsec-rules-check (alias)

## Dependencies

- libmaxminddb
- lua
- pcre2
- yajl

## Build dependencies

- autoconf
- automake
- libtool
- pkgconf

## Uses from macOS

- curl
- libxml2

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.0.16
- Package-manager updated: 2026-06-29
- Local data: ok
- Upstream repository: https://github.com/owasp-modsecurity/ModSecurity
- info: No cached GitHub release or tag data was available.
## Project history and usage

ModSecurity is an open-source web application firewall engine that began in 2002 and became one of the most widely known defensive layers for inspecting HTTP traffic with configurable rules. Ivan Ristic created the original Apache-focused project; later stewardship passed through commercial and community hands, including Thinking Stone, Breach Security, Trustwave SpiderLabs, and OWASP. OWASP's project page records the 2024 transfer from Trustwave to OWASP and frames the project as the WAF engine commonly paired with the OWASP Core Rule Set.

### Project history

Technically, ModSecurity evolved from an Apache module into a cross-platform WAF engine. The v3/libmodsecurity architecture separated the core library from web-server connectors, removing Apache dependencies and allowing connectors for environments such as Nginx and Apache to feed traffic into the same SecRules processing engine. The upstream README describes libmodsecurity as the component that loads and interprets SecRules and applies traditional ModSecurity processing to HTTP content supplied by connectors.

### How it is used

Its adoption history is tied to both open-source infrastructure and commercial WAF support. Breach Security described the project in 2006 as having more than 10,000 deployments, and Trustwave later provided commercial rules and support before announcing end-of-sale in 2021 and end-of-life for Trustwave support on July 1, 2024. Distribution through Homebrew and Linux development packages such as `libmodsecurity-dev` reflects its dual identity as both an installable command-line/dev library package and a component embedded by web-server modules, reverse proxies, hosting panels, and security stacks.

### Sources

- <https://formulae.brew.sh/formula/modsecurity>
- <https://github.com/owasp-modsecurity/ModSecurity>
- <https://owasp.org/www-project-modsecurity/>
- <https://www.helpnetsecurity.com/2006/09/25/breach-acquires-modsecurity-open-source-vendor-thinking-stone/>
- <https://www.levelblue.com/blogs/spiderlabs-blog/modsecurity-version-3.0-announcement>
- <https://www.levelblue.com/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/>


## Security Notes

No matching local secret-handling manifest was found for modsecurity. Nucleus package metadata is still published here so future coverage has a stable package URL.


## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** modsecurity
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - libmodsecurity-dev - 3.0.14-1: normalized package name match | Debian stable package indexes: libmodsecurity-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | ModSecurity v3 library component (development files) | https://www.modsecurity.org/
- Debian apt - libmodsecurity3t64 - 3.0.14-1: normalized package name match | Debian stable package indexes: libmodsecurity3t64 from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | ModSecurity v3 library component | https://www.modsecurity.org/
- Ubuntu apt - libmodsecurity-dev - 3.0.12-1.1build2: normalized package name match | Ubuntu 24.04 LTS package indexes: libmodsecurity-dev from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | ModSecurity v3 library component (development files) | https://www.modsecurity.org/
- Ubuntu apt - libmodsecurity3t64 - 3.0.12-1.1build2: normalized package name match | Ubuntu 24.04 LTS package indexes: libmodsecurity3t64 from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | ModSecurity v3 library component | https://www.modsecurity.org/
- zypper - libmodsecurity3 - 3.0.15-2.1: normalized package name match | openSUSE Tumbleweed package metadata: libmodsecurity3 from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Web application firewall engine | https://www.modsecurity.org/
- zypper - modsecurity - 3.0.15-2.1: normalized package name match | openSUSE Tumbleweed package metadata: modsecurity from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Web application firewall engine | https://www.modsecurity.org/
- zypper - modsecurity-devel - 3.0.15-2.1: normalized package name match | openSUSE Tumbleweed package metadata: modsecurity-devel from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Development files for modsecurity, a web application firewall engine | https://www.modsecurity.org/


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [libmaxminddb](https://www.automicvault.com/pkg/brew/libmaxminddb/) - Runtime dependency declared by Homebrew.
- [lua](https://www.automicvault.com/pkg/brew/lua/) - Runtime dependency declared by Homebrew.
- [pcre2](https://www.automicvault.com/pkg/brew/pcre2/) - Runtime dependency declared by Homebrew.
- [yajl](https://www.automicvault.com/pkg/brew/yajl/) - Runtime dependency declared by Homebrew.
- [autoconf](https://www.automicvault.com/pkg/brew/autoconf/) - Build dependency declared by Homebrew.
- [automake](https://www.automicvault.com/pkg/brew/automake/) - Build dependency declared by Homebrew.
- [libtool](https://www.automicvault.com/pkg/brew/libtool/) - Build dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [gotestwaf](https://www.automicvault.com/pkg/brew/gotestwaf/) - Shares av.db curated category or tags: cli, owasp, security, waf.
- [dependency-check](https://www.automicvault.com/pkg/brew/dependency-check/) - Shares av.db curated category or tags: cli, owasp, security.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [aircrack-ng](https://www.automicvault.com/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [anubis](https://www.automicvault.com/pkg/brew/anubis/) - Shares av.db curated category or tags: cli, security.
- [authoscope](https://www.automicvault.com/pkg/brew/authoscope/) - Shares av.db curated category or tags: cli, security.
- [azurehound](https://www.automicvault.com/pkg/brew/azurehound/) - Shares av.db curated category or tags: cli, security.
- [hydra](https://www.automicvault.com/pkg/brew/hydra/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, pcre2, security.
- [libselinux](https://www.automicvault.com/pkg/brew/libselinux/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, pcre2, security.
- [checkpwn](https://www.automicvault.com/pkg/brew/checkpwn/) - Security-sensitive metadata or terminology overlaps. Shared terms: check, cli, security.

## Combined YAML source

View the package source record on GitHub. [combined/modsecurity.yml](https://github.com/automic-vault/db/blob/main/combined/modsecurity.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
