Sorry list:
My bad, I hadn't set the default action to pass in phase 1 to enable delayed blocking mode (aka anomaly scoring); I thought that was enabled by default. Custom rules are working nicely:
SecRule REQUEST_URI "@contains /REST" "id:9000**,phase:1,t:none,nolog,pass,setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT DELETE',setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|text/html|application/json'"

Neat job on ModSecurity from the team (now I have to find why it breaks AJAX POST requests with content-type text/plain or application/x-www-form-urlencoded in my app).

From: mad-proffessor@hotmail.com
To: mod-security-users@lists.sourceforge.net
Subject: nginx and modsecurity custom rules not applied
Date: Wed, 30 Oct 2013 14:17:54 +0200

Hello all.
I have compiled nginx latest stable 1.4.3 with ModSecurity latest stable 2.7.5, but while it works I can't get it to recognize my custom rules. I am using the OWASP CRS 2.2.8 (using the base rules only and Collaborative Detection Blocking). I am appending my modsecurity_crs_15_custom_rules.conf to the modsecurity.conf right after the recommended rules and before the 20-30 rules. A rule like that worked perfectly, for example, with Apache 2.2.22:

SecRule REQUEST_HEADERS "@contains /REST" "id:111115,phase:1,t:none,nolog,pass,setvar:'tx.allowed_headers=Content-Range/ ask/ additional/ X-Requested-With/ Make/ Content-Type/'"

or this one:

SecRule REQUEST_FILENAME "@contains /REST" "id:111114,phase:1,t:none,nolog,pass,setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT DELETE',setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|text/html|application/javascript|application/json'"

I know it's not been long since support for ModSecurity was added to nginx, but this one should work. I really love nginx, its speed, modules and the event-based approach, and ModSecurity (it helped me understand things like CSP, XSS and source code leakage); I won't go back. Any hints on how to manage this?
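As a worked configuration example covering both messages above (the SecDefaultAction needed for delayed blocking from the reply, and the placement of the 15 custom rules file before the 30 policy file from the original question), here is a CRS 2.2.x style setup fragment. It is added here and is not code from the thread or from the OWASP CRS project; the rule ids, the /REST prefix and the list values are assumptions chosen for illustration.

```apache
# Added example, not from this thread or from the OWASP CRS project.
# CRS 2.2.x setup fragment: the traditional default action beside the one
# needed for delayed blocking (anomaly scoring), then a custom rule in the
# style of the thread. Rule ids, the /REST prefix and the list values are
# assumptions for illustration.

SecRuleEngine On

# --- 10 setup ---------------------------------------------------------------
# Traditional blocking (the setting the original poster had): "block" in a
# CRS rule resolves to the default action, so the first matching rule denies
# the request on its own and the anomaly score is never summed.
#SecDefaultAction "phase:1,deny,log"
#SecDefaultAction "phase:2,deny,log"

# Delayed blocking: matching rules only add to tx.anomaly_score and pass; the
# CRS inbound blocking rules (the 49 file) compare the score to the threshold.
SecDefaultAction "phase:1,pass,log"
SecDefaultAction "phase:2,pass,log"

# Turn on score-based blocking and set the inbound threshold the 49 file reads.
# (ids below are placeholders for this example)
SecAction "id:900100,phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on"
SecAction "id:900101,phase:1,t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=5"

# --- 15 custom rules (included BEFORE modsecurity_crs_30_http_policy.conf) ---
# Conservative default policy for the whole site. Note the CRS 2.2 list
# formats: methods are space separated, content types are pipe separated.
SecAction "id:900102,phase:1,t:none,nolog,pass,\
  setvar:'tx.allowed_methods=GET HEAD POST OPTIONS',\
  setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data'"

# Relax the policy only under the REST prefix. Two details matter here:
#  - the operator must directly follow the opening quote ("@beginsWith"); a
#    leading space makes ModSecurity fall back to the default @rx operator and
#    the rule silently never matches;
#  - @beginsWith limits the relaxation to the path prefix, whereas @contains
#    would also relax it for any URI that merely contains "/REST".
SecRule REQUEST_URI "@beginsWith /REST" \
  "id:900103,phase:1,t:none,nolog,pass,\
  setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT DELETE',\
  setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|application/json|application/xml'"

# --- 30 http policy -----------------------------------------------------------
# modsecurity_crs_30_http_policy.conf ships with CRS and is included after the
# custom file above, so its method and content-type checks read the tx.* lists
# already set for this request.
```

With both SecDefaultAction lines set to pass, a disallowed method or content type under the policy rules raises tx.anomaly_score instead of denying immediately, and the request is only rejected once the 49 file finds the score at or above tx.inbound_anomaly_score_level; the audit log entry for the blocking rule then lists every contributing rule, which is what makes tuning a custom override like the one above straightforward.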