The NGINX web application firewall (WAF) protects against Layer 7 attacks such as SQLi, XSS, CSRF, LFI, RFI, and more. The NGINX WAF is based on ModSecurity.
Support details: Supported by NGINX for active NGINX Plus subscribers
Supported OS versions: NGINX Plus Technical Specifications
Installation instructions: NGINX Plus Admin Guide
Configuration and additional info: NGINX WAF documentation