nginx/1.9.9 with modsecurity/2.9.0 crashes with segfault and worker process exited on signal 11

Felipe Zimmerle felipe at
Mon Jan 11 16:12:00 UTC 2016

Hi Lukas,

On Sun, Jan 10, 2016 at 11:05 AM Lukas <l at> wrote:

> I found that recommendation.  Since I also read that it would not be
> fully compatible with OWASP/CRS I have not given it a try.
> What is the situation regrading OWASP/CRS?

Currently there are three different versions of ModSecurity for nginx:

- Version 2.9.0: That is the last released version, I think that is the one
that you are using.
- nginx_refactoring: That version contains some fixes on the top of v2.9.0,
but those fixes may lead to instabilities depending on your configuration.
- ModSecurity-connector: That is something that still under development and
we have some work to do, to be exactly:

Only use the ModSecurity-connector if you understands well the ModSecurity
rules and the consequences of the missing pieces.

Further information about libModSecurity can be found here:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list