NGINX v1.27.4 + ModSecurity = broken wordpress sites

[Arien02]

Hello!

I have just updated NGINX from 1.27.3 to 1.27.4 and all my wordpress sites got broken, without any error messages in log files, just weird symbols and messages from browser.

I had to quick restore the backup, so the only capture I was able to make was this:

But it works without any problem with 1.27.3 no config files changes, no WP updates...

Have anyone faced this problem with new NGINX version?
What can I do to help debug this issue?

[Arien02]

Just for adding more info, there's another user reporting issues like mine with last Nginx verion and Modsecurity enabled:

nginx/nginx#465

And looking for more info, it seems to be a problem with ModSecurity-nginx connector, and some patches added few weeks ago that resulted in weird responses from server.

The mantainer said it was fixed with some patches 5 days ago, so I guess deb.myguard.nl compiled packges are still affected with this errors.

owasp-modsecurity/ModSecurity-nginx#336 (comment)
owasp-modsecurity/ModSecurity-nginx#336

@eilandert can you please take a look for those patches and rebuild NGINX+ModSecurity with new versions?

Thank you.

[eilandert]

HI!

Thank you for your research, I didn't know where to start looking yet :)
I am doing a full rebuild now, that includes a git pull for every module.

It should be online within the hour, please let me now how it goes

[Arien02]

@eilandert Sorry for the delayed reply, I just applied the update and now everything works as expected!

Thank you very much for your efforts.