NeusoftSecurity / SEnginx

Security-Enhanced nginx by Neusoft corporation.

Home Page: www.senginx.org

SEnginx + req_limit issue + ModSecurity

franksz opened this issue · comments

Hi, I'm new to SEnginx and I just set it up on a test server (last release, 1.6.2).
After installation I added a rule to the nginx.conf file to limit requests, as explained here:
http://www.senginx.org/en/index.php/Condition_Limit_Req
so I have:

    http {
        # Create a global request accounting pool - DOS prevention -
        limit_req_zone $binary_remote_addr $request_uri zone=antidos:10m rate=10r/s;
        .....
        .....
        server {
            location / {
                limit_req zone=antidos burst=1 forbid_action=@process;
            }
            location @process {
                return 503;
            }
        }
    }

I tested it and it works fine (even though, as you can see, I removed condition=$cond).
Then I configured, enabled and tested modsecurity and it also works fine (checked it with many tools from Kali Linux).
The issue is that, with modsecurity enabled, requests are no longer limited while, if I disable it, requests are limited.
Please, can you point me to how I can solve this?
Maybe, by enabling modsecurity, I have to use another kind of rule to achieve the same result?

This is the config that doesn't work:

    http {
        ModSecurityEnabled on;
        ModSecurityConfig modsecurity.conf;

        # Create a global request accounting pool - DOS prevention -
        limit_req_zone $binary_remote_addr $request_uri zone=antidos:10m rate=10r/s;
        .....
        .....
        server {
            location / {
                limit_req zone=antidos burst=1 forbid_action=@process;
            }
            location @process {
                return 503;
            }
        }
    }

Thanks for your help,
Best Regards
Frank_sz

The nginx version of modsecurity has some bugs; for example, if you add it to nginx and reload nginx, you may find a coredump in the error log, so I think nginx modsecurity is unused.
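
A way to confirm the symptom reported in this thread from the access log, as an added example that is not part of the issue or of SEnginx: it groups requests by the zone key from the posted config (client address plus request URI) and flags any key that exceeded rate=10r/s with burst=1 inside one logged second without a single 503 from @process. It assumes nginx's default "combined" log format; the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Values taken from the limit_req_zone / limit_req lines posted in the issue.
RATE, BURST, FORBID_STATUS = 10, 1, 503

# Assumption: nginx default "combined" access log format (1-second timestamps).
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')


def unenforced_keys(log_lines, rate=RATE, burst=BURST, forbid=FORBID_STATUS):
    """Return sorted (addr, uri, second, count) tuples where one zone key sent
    more requests in a logged second than the limit allows, yet none was refused."""
    # One extra request of margin for the request that opens an empty bucket.
    allowed = rate + burst + 1
    buckets = defaultdict(lambda: [0, 0])  # (addr, uri, second) -> [total, refused]
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        addr, second, uri, status = m.groups()
        bucket = buckets[(addr, uri, second)]
        bucket[0] += 1
        bucket[1] += int(status) == forbid
    return sorted((a, u, s, total)
                  for (a, u, s), (total, refused) in buckets.items()
                  if total > allowed and refused == 0)


def _sample(addr, uri, statuses, second="10/Mar/2015:12:00:01 +0000"):
    """Build constructed access-log lines for one client, URI and second."""
    return ['%s - - [%s] "GET %s HTTP/1.1" %d 0 "-" "-"' % (addr, second, uri, s)
            for s in statuses]


# Constructed sample: 192.0.2.10 sends 30 requests in one second and is never
# refused (the behaviour described in the issue); 192.0.2.20 sends 30 and the
# excess gets 503; 192.0.2.30 stays under the limit.
SAMPLE = (_sample("192.0.2.10", "/login", [200] * 30)
          + _sample("192.0.2.20", "/login", [200] * 11 + [503] * 19)
          + _sample("192.0.2.30", "/", [200] * 5))

if __name__ == "__main__":
    for addr, uri, second, count in unenforced_keys(SAMPLE):
        print("limit not enforced: %s %s at %s (%d requests, no %d)"
              % (addr, uri, second, count, FORBID_STATUS))
```

Run the same function over the log captured with ModSecurityEnabled on and again with it off; a key that is flagged only in the first run matches the behaviour described above.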