How to install nginx-owasp-crs (noarch)

OWASP ModSecurity Core Rule Set for Nginx

Install

sudo yum -y install https://extras.getpagespeed.com/release-latest.rpm
sudo yum -y install nginx-owasp-crs

Description

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.

RPMs

Danila Vershinin (2026-03-10)
- Added AI coding assistant artifact protection.
- Expanded Scanner Agents for improved detection.
- Fixed user agent string matching issues.
- Prevented double inspection of cookies.
- Added OWASP Nettacker to known scanners list.
- Refactored multiple .ra files for better organization.
- Improved documentation on threshold alerts.
Danila Vershinin (2026-03-01)
- Added detection for Smarty template PHP tags.
- Improved regex performance with lazy evaluation.
- Reduced false positives in various detections.
- Enhanced handling of multi-byte UTF-8 characters.
- Updated rules to regex-assembly for better efficiency.
- Fixed issues with JSON variable names in libmodsecurity.
- Added exclusions for Google Funding Choices cookie.
Danila Vershinin (2026-02-05)
- Added rule to enforce content-type for requests with a body.
- Introduced detection for Vite.js path traversal vulnerability.
- Blocked fake 'mozilla/5.g' user-agent.
- Resolved false positives with ad and tracker cookies.
- Improved handling of malformed URLs in SSRF rules.
- Prevented upload of PHP session files.
- Updated rules for restricted files and file extensions.
Danila Vershinin (2026-01-06)
- Fixed critical issue 9AJ-260102.
- Added sequence for CVE-2025-55182 POCs.
- Reduced false positives in rules.
- Improved handling of arrays in ARGS_NAMES.
- Updated regex for Rust compatibility.
- Dropped older spelling variants.
Danila Vershinin (2025-12-03)
- Added IPv6 support and XML scan for SSH scheme.
- Introduced new restricted file extensions detection.
- Improved unit tests for double comment handling.
- Fixed multiple blocking issues in rules.
- Corrected function names in several rules.
- Reduced false positives for substring detections.
- Added help documentation for non-English users.
Danila Vershinin (2025-11-03)
- Updated restricted file extensions for enhanced security.
- Added configuration files for PrestaShop and Magento.
- Included 'expect' header in restricted headers list.
- Fixed missing capture keyword issue.
- Reduced false positives with JSON payloads.
- Corrected rules to block instead of pass.
- Updated regex to handle new payload formats.
Danila Vershinin (2025-10-03) - upstream release v4.19.0
Danila Vershinin (2025-09-04) - upstream release v4.18.0
Danila Vershinin (2025-08-06) - upstream release v4.17.1
Danila Vershinin (2025-08-01) - upstream release v4.17.0
Danila Vershinin (2025-06-30) - upstream release v4.16.0