Modsecurity module for nginx



I was looking for Web Application Firewall solution and found
modsecurity (via apache) very useful. Only problem is that, it is GPLed
and can not be embedded in commercial product. Is it possible to write
modsecurity type module (with rule language) in nginx. Are sufficient
hooking of http request/response cycle within reverse proxy mode
available in nginx to fulfill modsecurity like functionality of “allow”
or “deny” some calls to the upstream server based on rules (xpath or
regex based)?


Posted at Nginx Forum:,1996,1996#msg-1996