> security_mod disabled now. but the config is
> nginx-modsecurity-enable.conf:
>
> ModSecurityEnabled on;
> ModSecurityConfig /etc/nginx/nginx-modsecurity.conf;

Did you disable the module just via configuration or did a full vanilla
nginx recompile, because the module could be still hooking in requests.

Also 2.8.0 seems a bit "oldish" since it's been released more than a year
ago https://github.com/SpiderLabs/ModSecurity/releases



Besides there are existing / confirmed memory leaks:

https://github.com/SpiderLabs/ModSecurity/issues/895

... and this discussion also might be related:
https://github.com/SpiderLabs/ModSecurity/issues/785


rr

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx