Thank you Yorkng, It start logging now, but the requests can still get through. How can I RequestDenied the requests that meet a condition in modsecurity_crs_41_sql_injection_attacks.conf ?


On Mon, Aug 27, 2012 at 2:20 PM, yorkng zhuo <> wrote:
hello,  Hekuran,
you may  need set "SecRuleEngine on"
 in the front of file:/usr/local/nginx/conf/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf


On Mon, Aug 27, 2012 at 8:02 PM, Hekuran Doli <> wrote:
I have compiled nginx with mod_security support. In error log I can see the support for mod_security 

2012/08/27 11:13:11 [info] 602096#0: ModSecurity for nginx/2.7.0-rc2 ( configured.
2012/08/27 11:13:11 [info] 602096#0: ModSecurity: APR compiled version="1.4.2"; loaded version="1.4.2"
2012/08/27 11:13:11 [info] 602096#0: ModSecurity: PCRE compiled version="8.2 "; loaded version="8.02 2010-03-19"
2012/08/27 11:13:11 [info] 602096#0: ModSecurity: Loaded PCRE do not match with compiled!
2012/08/27 11:13:11 [info] 602096#0: ModSecurity: LIBXML compiled version="2.7.8"

I have loaded the ModSecurityConfig and  ModSecurityEnabled
ModSecurityConfig /usr/local/nginx/conf/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf;
ModSecurityEnabled On;

But I cant make mod_security work. 

Attacks can get through and I get no error in log file. 

Do i need to add any extra configuration to enable mod_security for ngix?

Note: Im using nginx as reverse proxy


Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
mod-security-users mailing list
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:



Hekuran Doli

Senior Software Engineer
Yjet e Erenikut 14/2, Gjakova, Kosova
+386 49 40 40 50