Include /etc/nginx/modsec/modsecurity.conf Include /etc/nginx/modsec/owasp-modsecurity-crs/crs-setup.conf Include /etc/nginx/modsec/owasp-modsecurity-crs/rules/*.conf # Basic test rule # Source: https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/ SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403" # Allow PUT and DELETE methods SecAction "id:900200,phase:1,nolog,pass,t:none,setvar:'tx.allowed_methods=DELETE GET HEAD POST PUT OPTIONS'"