security_mod disabled now. but the config is
nginx-modsecurity-enable.conf:
ModSecurityEnabled on;
ModSecurityConfig /etc/nginx/nginx-modsecurity.conf;
Did you disable the module just via configuration or did a full vanilla
nginx recompile, because the module could be still hooking in requests.
Also 2.8.0 seems a bit "oldish" since it's been released more than a year
ago https://github.com/SpiderLabs/ModSecurity/releases
Besides there are existing / confirmed memory leaks:
https://github.com/SpiderLabs/ModSecurity/issues/895
.. and this discussion also might be related:
https://github.com/SpiderLabs/ModSecurity/issues/785
rr
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
