DevSecOps case study 1:

if your client has 5 years ago chosen a convenient repack of Nginx like OpenResty or OpenWAF as their main web server, you may not be pleased to learn that both of them were discontinued (OpenWAF in 2017) or barely updated (OpenResty half year ago).

Strategically it would be perhaps better to use a native Nginx package from Nginx upstream and internally compile NAXSI into a DEB - at least you'd be running an up-to-date Nginx.

Now I had to upgrade from 1.7 (!).