> security_mod disabled now. but the config is
> nginx-modsecurity-enable.conf:
>
> ModSecurityEnabled on;
> ModSecurityConfig /etc/nginx/nginx-modsecurity.conf;
Did you disable the module just via configuration or did a full vanilla
nginx recompile, because the module could be still hooking in requests.
Also 2.8.0 seems a bit "oldish" since it's been released more than a year
ago https://github.com/SpiderLabs/ModSecurity/releases
Besides there are existing / confirmed memory leaks:
https://github.com/SpiderLabs/ModSecurity/issues/895
... and this discussion also might be related:
https://github.com/SpiderLabs/ModSecurity/issues/785
rr
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx