I'm building Nginx and ModSecurity together in order to use the OWASP- Core Rule Set Project.
According to the modsecurity download page, the latest version of modsecurity (2.9.1) is not stable when used with Nginx. This is consistent with my experience (not working properly on either Nginx 1.8.x or 1.9.x). I've also tried the nginx_refactoring branch of ModSecurity, but that's non-functional too - and it hasn't seen a commit in nearly 2 years anyway.
There's a new version of modsecurity coming up (libmodsecurity), but that isn't ready yet, nor any indicated of when it might be ready.
Is there any combination of ModSecurity and a supported version of Nginx that is known to be working?
