owasp-modsecurity · airween · Feb 22, 2026 · Feb 19, 2026 · Feb 22, 2026
diff --git a/Makefile.am b/Makefile.am
@@ -35,10 +35,6 @@ test: check
 test-regression:
 	(cd tests && $(MAKE) test-regression)
 
-test-regression-nginx:
-	(cd tests && $(MAKE) test-regression-nginx)
-
-
 cppcheck:
 	@cppcheck \
 	    -j `getconf _NPROCESSORS_ONLN 2>/dev/null || sysctl -n hw.ncpu || echo 1` \
@@ -58,8 +54,7 @@ cppcheck:
 	    --inconclusive \
 	    --template="warning: {file},{line},{severity},{id},{message}" \
 	    --error-exitcode=1 \
-		standalone/ \
-	    nginx/
+		standalone/ 
 
 check-static: cppcheck
 

diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
@@ -91,7 +91,7 @@
 TreeRoot DSOLOCAL *conn_write_state_suspicious_list = 0;
 
 
-#if defined(WIN32) || defined(VERSION_NGINX)
+#if defined(WIN32)
 int (*modsecDropAction)(request_rec *r) = NULL;
 #endif
 static int server_limit, thread_limit;
@@ -196,7 +196,7 @@
            msc_string *var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));

            var->value = (char *)actionset->intercept_pause;
            var->value_len = strlen(actionset->intercept_pause);
            expand_macros(msr, var, NULL, msr->mp);

            pause = atoi(var->value);
@@ -235,7 +235,7 @@
             break;
 
         case ACTION_PROXY :
-#if !(defined(VERSION_IIS)) && !(defined(VERSION_NGINX)) && !(defined(VERSION_STANDALONE))
+#if !(defined(VERSION_IIS)) && !(defined(VERSION_STANDALONE))
             if (msr->phase < 3) {
                 if (ap_find_linked_module("mod_proxy.c") == NULL) {
                     log_level = 1;
@@ -275,7 +275,7 @@
             /* ENH This does not seem to work on Windows. Is there a
              *     better way to drop a connection anyway?
              */
-            #if !defined(WIN32) && !defined(VERSION_NGINX)
+            #if !defined(WIN32)
             {
                 extern module core_module;
                 apr_socket_t *csd;
@@ -343,7 +343,7 @@
                msc_string *var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));

                var->value = (char *)actionset->intercept_uri;
                var->value_len = strlen(actionset->intercept_uri);
                expand_macros(msr, var, NULL, msr->mp);

                apr_table_setn(msr->r->headers_out, "Location", var->value);
@@ -608,10 +608,10 @@
     char *server_version = NULL;
 
     /* This is a very particular way to handle the server banner. It is Apache
-     * only. Stanalone and descendants should address that in its specifics
-     * implementations, e.g. Nginx module.
+     * only. Standalone and descendants should address that in its specifics
+     * implementations, e.g. IIS module.
      */
-#if !(defined(VERSION_IIS)) && !(defined(VERSION_NGINX)) && !(defined(VERSION_STANDALONE))
+#if !(defined(VERSION_IIS)) && !(defined(VERSION_STANDALONE))
     if (new_server_signature == NULL) return 0;
 
     server_version = (char *)apache_get_server_version();
@@ -1217,7 +1217,7 @@
        }
    }

    limit = limit - strlen(str2) - 5;
    if (limit <= 0) {
        msr_log(msr, 1, "Audit Log: Atomic PIPE write buffer too small: %d", PIPE_BUF);
        return;

diff --git a/apache2/msc_release.h b/apache2/msc_release.h
@@ -49,19 +49,14 @@
   MODSEC_VERSION_SUFFIX
 
 /* Apache Module Defines */
-#ifdef	VERSION_IIS
-#define MODSEC_MODULE_NAME "ModSecurity for IIS (STABLE)"
+#if defined(VERSION_IIS)
+  #define MODSEC_MODULE_NAME "ModSecurity for IIS (STABLE)"
+#elif defined(VERSION_STANDALONE)
+  #define MODSEC_MODULE_NAME "ModSecurity Standalone (STABLE)"
 #else
-#ifdef	VERSION_NGINX
-#define MODSEC_MODULE_NAME "ModSecurity for nginx (STABLE)"
-#else
-#ifdef	VERSION_STANDALONE
-#define MODSEC_MODULE_NAME "ModSecurity Standalone (STABLE)"
-#else
-#define MODSEC_MODULE_NAME "ModSecurity for Apache"
-#endif
-#endif
+  #define MODSEC_MODULE_NAME "ModSecurity for Apache"
 #endif
+
 #define MODSEC_MODULE_VERSION MODSEC_VERSION
 #define MODSEC_MODULE_NAME_FULL MODSEC_MODULE_NAME "/" MODSEC_MODULE_VERSION " (http://www.modsecurity.org/)"
 

diff --git a/apache2/msc_status_engine.c b/apache2/msc_status_engine.c
@@ -361,8 +361,6 @@ int DSOLOCAL msc_beacon_string (char *beacon_string, int beacon_string_max_len)
     modsec = MODSEC_VERSION;
 #ifdef VERSION_IIS
     apache = "IIS";
-#elif VERSION_NGINX
-    apache = "nginx";
 #else
     apache = real_server_signature;
 #endif

diff --git a/configure.ac b/configure.ac
@@ -189,7 +189,7 @@ fi
 # Standalone Module
 AC_ARG_ENABLE(standalone-module,
               AS_HELP_STRING([--enable-standalone-module],
-                             [Enable building standalone module.]),
+                             [Enable building standalone module (IIS, test server). Note: NGINX support has been removed.]),
 [
   if test "$enableval" != "no"; then
     build_standalone_module=1
@@ -297,7 +297,6 @@ if test "$build_docs" -eq 1; then
        AC_CONFIG_FILES([doc/doxygen-apache])
     fi
     if test "$build_standalone_module" -eq 1; then
-       AC_CONFIG_FILES([doc/doxygen-nginx])
        AC_CONFIG_FILES([doc/doxygen-iis])
        AC_CONFIG_FILES([doc/doxygen-standalone])
     fi
@@ -937,7 +936,6 @@ AC_CONFIG_FILES([apache2/Makefile])
 fi
 if test "$build_standalone_module" -ne 0; then
 AC_CONFIG_FILES([standalone/Makefile])
-AC_CONFIG_FILES([nginx/modsecurity/config])
 fi
 if test "$build_extentions" -ne 0; then
 AC_CONFIG_FILES([ext/Makefile])

diff --git a/doc/Makefile.am b/doc/Makefile.am
@@ -6,9 +6,6 @@ iis:
 	$(DOXYGEN) doxygen-iis
 	touch iis.stamp
 
-nginx:
-	$(DOXYGEN) doxygen-nginx
-	touch nginx.stamp
 
 standalone:
 	$(DOXYGEN) doxygen-standalone
@@ -20,8 +17,8 @@ all-local: apache
 endif
 
 if BUILD_STANDALONE_MODULE
-all-local: iis nginx standalone
+all-local: iis standalone
 endif
 
 clean-local:
-	rm -rf apache iis nginx standalone
+	rm -rf apache iis standalone
diff --git a/doc/doxygen-apache.in b/doc/doxygen-apache.in
@@ -44,7 +44,7 @@ PROJECT_NUMBER         =
 # for a project that appears at the top of each page and should give viewer a
 # quick idea about the purpose of the project. Keep the description short.
 
-PROJECT_BRIEF          = "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence."
+PROJECT_BRIEF          = "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache and IIS that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence."
 
 # With the PROJECT_LOGO tag one can specify a logo or an icon that is included
 # in the documentation. The maximum height of the logo should not exceed 55

diff --git a/doc/doxygen-iis.in b/doc/doxygen-iis.in
@@ -44,7 +44,7 @@ PROJECT_NUMBER         =
 # for a project that appears at the top of each page and should give viewer a
 # quick idea about the purpose of the project. Keep the description short.
 
-PROJECT_BRIEF          = "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence."
+PROJECT_BRIEF          = "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache and IIS that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence."
 
 # With the PROJECT_LOGO tag one can specify a logo or an icon that is included
 # in the documentation. The maximum height of the logo should not exceed 55