I was installed nginx webserver with pkg : pkg install nginx now uninstall that? How?
And in port, I was install www/nginx and ticked modsecurity on install configuration but when in nginx.conf sets ModSecurityEnabled on; now how set the default WAF protection rules on nginx?
Still one issue that was problematic - and made me move mod_sec back to the backend Apache - was it doesn't seem possible to use "SecRuleRemoveById" inside a Nginx "location". It seems it's only possible to either globally disable or enable rules - unlike in Apache where you can disable rules on a location / directory base.