thanks. i have reading about nginx a lot on the internet. and it seems to me that many features of mod_security are available inside nginx.
i like this post: http://eng.eelcowesemann.nl/linux-unix/nginx/nginx-blocking/
my questions.
1. how should i block remote_addr based on IP in a certain external file?
2. to block xss or such type of injection attacks -- any best practice rules?
3. can i block based on "request_uri"? if some hosts are in it (parameter) then block it.
4. can i block based on RBL checks? from spamhaus etc.
thanks!