Ramesh Patel - 2018-02-22

I have installed ModSecurity 3 with nginx version nginx/1.12.2, and when we set ModSecurity in DetectionOnly mode we get a bunch of failures during our Cucumber unit testing process.

I have looked at nginx and the only error I see is the following:

2018/02/22 03:56:46 [info] 2256#2256: *1923 epoll_wait() reported that client prematurely closed connection, so upstream connection is closed too while connecting to upstream, client: 130.211.141.241, server: _, request: "POST /organization/javasdkorg1519270783471v276/event/questionnaire/type HTTP/1.1", upstream: "http://127.0.0.1:8000/organization/javasdkorg1519270783471v276/event/questionnaire/type", host: "104.155.151.86"

This error does not show up when ModSecurity is off, but when I enable it I get many of the above error messages. I have tried beefing up the nginx box to add more cores to it but I get the same result, and I am not able to pinpoint if ModSecurity is actually dropping this traffic when in DetectionOnly mode, so currently I am testing the configuration with ModSecurity on and using the following to check if this is the case:
SecRuleRemoveById 920350 932130 949110 980130 920130 911100 200002

Please let me know if anyone has experienced this type of behavior.