Hi Tobias, thanks for your patches.
As you know :) since Bookworm Nginx is also able to work as WAF with libmodsecurity3, and can use modsecurity-crs. This means the package modsecurity-crs does not need to depend on Apache in the future. And this implies that after install/upgrade the package won't know what should it reload: Apache or Nginx? I think we have to review the whole package structure in the future, because if the CRS 4.0 will be released, then we must change the structure, see #1036353[1]. Thanks again to your report and for the patches. a. 1: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036353
