How to install nginx-owasp-crs (noarch)
OWASP ModSecurity Core Rule Set for Nginx
License: Apache-2.0
https://github.com/coreruleset/coreruleset
Install
sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm sudo dnf -y install nginx-owasp-crs
Description
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
RPMs
nginx-owasp-crs-4.27.0-1.fc44.noarch
[241 KiB]
Danila Vershinin (2026-06-02)
—
- Removed dependency on content-type header for improved reliability.
nginx-owasp-crs-4.26.0-1.fc44.noarch
[241 KiB]
Danila Vershinin (2026-05-04)
—
- Added WhatWAF and ghauri to scanner list. · - Expanded Scanner User Agents List and OS files list. · - Enhanced detection for Server-Side Template Injection attacks. · - Fixed false positives related to parameter names and payloads. · - Updated restricted files to include Perl subdirectories. · - Dropped HTTP/0.9 GET support from request line validation. · - Required path prefix for certain local file inclusion checks.
nginx-owasp-crs-4.25.0-1.fc44.noarch
[238 KiB]
Danila Vershinin (2026-03-29)
—
- Fix CVE-2026-33691: prevent whitespace padding bypass in file uploads. · - Add AWS security agent to user agents data. · - Introduce shell fork bomb detection rule. · - Refactor multiple rule files for improved organization. · - Harden GitHub Actions workflows for better security. · - Update list of Unix commands for accuracy. · - Allow rule exclusions for specific targets.