ModSecurity module documentation lacks in detail

[dwlnetnl]

I found that the documentation for the separate ModSecurity is a bit lacking in detail.

Given references to modsecurity_rules_file in the configuration example, I assume the module is some version of https://github.com/owasp-modsecurity/ModSecurity-nginx.

It is unclear to me if it is required to have multiple modsecurity on; directives in the configuration, like different servers or if it is shared.

When I enabled modsecurity for different servers the rules seem to be loaded for every instance. When the process is reloaded there seem to be some left over memory usage.

[VBart]

You're right; the link in our documentation is incorrect. It should point to: https://github.com/owasp-modsecurity/ModSecurity-nginx. Thank you for bringing this to our attention; we will update it shortly.

Please note that our 3rd-party module pages are intended as brief 'quick start' guides derived from official sources. As we do not maintain the code for these modules, we cannot serve as their primary documentation source. While we build these modules for convenience, any functional issues or documentation gaps should be reported directly to the original authors.

You can find the exact module versions in our 3rd-party module list. Adding this version information directly to each module's page would be helpful, and we will look into implementing that.

[VBart]

Most directives should follow the general inheritance rule if not specified otherwise in their documentation. But authors of third-party modules may not follow this logic and implement something else at their own discretion.