Hi,
I was looking for Web Application Firewall solution and found modsecurity (via apache) very useful. Only problem is that, it is GPLed and can not be embedded in commercial product. Is it possible to write modsecurity type module (with rule language) in nginx. Are sufficient hooking of http request/response cycle within reverse proxy mode available in nginx to fulfill modsecurity like functionality of "allow" or "deny" some calls to the upstream server based on rules (xpath or regex based)?
Thanks