I let dev Anoop answer to you... he has a clue about the issue : https://github.com/SpiderLabs/ModSecurity-nginx/issues/45 Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273274,273444#msg-273444