How to install nginx-owasp-crs (noarch)
OWASP ModSecurity Core Rule Set for Nginx
Install
sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm sudo dnf -y install nginx-owasp-crs
Description
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
RPMs
| Package | Size | Changelog |
|---|---|---|
| nginx-owasp-crs-4.27.0-1.fc44.noarch | 241 KiB |
Danila Vershinin (2026-06-02) - Removed dependency on content-type header for improved reliability. |
| nginx-owasp-crs-4.26.0-1.fc44.noarch | 241 KiB |
Danila Vershinin (2026-05-04) - Added WhatWAF and ghauri to scanner list. · - Expanded Scanner User Agents List and OS files list. · - Enhanced detection for Server-Side Template Injection attacks. · - Fixed false positives related to parameter names and payloads. · - Updated restricted files to include Perl subdirectories. · - Dropped HTTP/0.9 GET support from request line validation. · - Required path prefix for certain local file inclusion checks. |
| nginx-owasp-crs-4.25.0-1.fc44.noarch | 238 KiB |
Danila Vershinin (2026-03-29) - Fix CVE-2026-33691: prevent whitespace padding bypass in file uploads. · - Add AWS security agent to user agents data. · - Introduce shell fork bomb detection rule. · - Refactor multiple rule files for improved organization. · - Harden GitHub Actions workflows for better security. · - Update list of Unix commands for accuracy. · - Allow rule exclusions for specific targets. |