NGINX.COM
Web Server Load Balancing with NGINX Plus

NGINX, a part of F5, Inc., is pleased to announce that we have become the first Gold sponsor of the OWASP ModSecurity Core Rule Set (CRS) project.

The CRS is a set of web application firewall (WAF) rules which detect many kinds of attacks, including the OWASP Top Ten, with a minimum of false positives. Distributed under an open source license, the CRS is designed for use with ModSecurity – the world’s most popular open source WAF – and compatible WAFs. As the most widely used WAF rule set on the Internet, the CRS processes more than 100 terabits of traffic every second all over the globe.

The ModSecurity WAF for NGINX Open Source natively supports the CRS. For details on enabling the CRS with the ModSecurity WAF, see our documentation.

With our deep roots in the open source community, NGINX highly values other open source projects and the high level of innovation and collaboration across the community, which make technologies better – and safer. We appreciate the work done by the growing CRS community and know that many of our users and customers rely on the CRS to protect their sites and apps.

So sponsoring the CRS project was an obvious and easy choice for us. In previous collaborations with the CRS team, we’ve benefited greatly from their technical expertise around ModSecurity. We’ll continue to work behind the scenes with the team to ensure that NGINX users get the best possible security when integrating ModSecurity and the CRS with our software. With ModSecurity, CRS, and NGINX working together, we can identify security improvements, triage potential issues, find performance optimizations, and more. As a sponsor, NGINX looks forward to helping ensure the OWASP ModSecurity CRS project’s long‑term success.

You can see the CRS project’s announcement on its blog.

ModSecurity and NGINX: Tuning the OWASP Core Rule Set

Cover image

We discuss how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity, as well as how to tune it.

About The Author

Libby Meren

Principal Technical Program Manager

About F5 NGINX

F5, Inc. is the company behind NGINX, the popular open source project. We offer a suite of technologies for developing and delivering modern applications. Together with F5, our combined solution bridges the gap between NetOps and DevOps, with multi-cloud application services that span from code to customer.

Learn more at nginx.com or join the conversation by following @nginx on Twitter.