INSTALL: advise to use release zips, remove upgrade.py, update Nginx

Author: lifeforms

INSTALL

@@ -29,25 +29,21 @@ Installing From a Package Manager
 
     modsecurity-crs  - Debian
     mod_security_crs - Fedora
-    modsecurity-crs  - Gentoo 
+    modsecurity-crs  - Gentoo
 
     Packages of CRS 2.x are incompatible with CRS 3.x.
 
-Installing From Git
-===================
+Installing
+==========
 
-    Github is the preferred way to download and install CRS. Doing so
-    insures that you have the most recent version of the rules. We
-    encourage you to create scripts that will automatically download
-    updates at regular intervals so that you may be protected against
-    the latest threats that CRS adds protection for.
+    You can download a copy of the CRS from the following URL:
+    https://coreruleset.org/installation/
 
-    The script util/upgrade.py is an example for script. You can use
-    it as follows:
+    Our release zip/tar.gz files are the preferred way to install CRS.
 
-    ```
-    ./util/upgrade.py --crs
-    ```
+    However, if you want to follow rule development closely and get
+    the newest protections quickly, you can also clone our GitHub
+    repository to get the current work-in-progress for the next release.
 
 Prerequisites
 -------------
@@ -85,20 +81,19 @@ Installing on Apache
     to create a new folder underneath the Apache directory (typically
     /usr/local/apache/, /etc/httpd/, or /etc/apache2). Often this folder
     is called 'modsecurity.d'. Create this folder and cd into it.
-    4. Clone the repository into the modsecurity.d folder using:
-    ```git clone https://github.com/SpiderLabs/owasp-modsecurity-crs .```
-    This will create a new owasp-modsecurity-crs folder.
+    4. Download our release from https://coreruleset.org/installation/
+    and unpack it into a new owasp-modsecurity-crs folder.
     5. Move the crs-setup.conf.example file to crs-setup.conf.
     Please take the time to go through this file and customize the settings
-    for your local environment. Failure to do so may result in false 
-    negatives and false positives. See the section entitled OWASP CRS 
+    for your local environment. Failure to do so may result in false
+    negatives and false positives. See the section entitled OWASP CRS
     Configuration for more detail.
     6. Rename rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example and
     rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example to remove the
     '.example' extension. This will allow you to add exclusions without updates
     overwriting them in the future.
-    7. Add the following line to your httpd.conf/apache2.conf (the following 
-    assumes you've cloned CRS into modsecurity.d/owasp-modsecurity-crs). You 
+    7. Add the following line to your httpd.conf/apache2.conf (the following
+    assumes you've put CRS into modsecurity.d/owasp-modsecurity-crs). You
     can alternatively place these in any config file included by Apache:
     ```
 	<IfModule security2_module>
@@ -121,8 +116,8 @@ Installing on Nginx
     to create a new folder underneath the Nginx directory (typically
     /usr/local/nginx/conf/). Often this folder
     is called 'owasp-modsecurity-crs'. Create this folder and cd into it.
-    4. Clone the repository into the current folder using:
-    ```git clone https://github.com/SpiderLabs/owasp-modsecurity-crs .```
+    4. Download our release from https://coreruleset.org/installation/
+    and unpack it into a new owasp-modsecurity-crs folder.
     5. Move the crs-setup.conf.example file to crs-setup.conf.
     Please take this time to go through this
     file and customize the settings for your local environment. Failure to
@@ -147,6 +142,12 @@ Installing on Nginx
     include owasp-modsecurity-crs/crs-setup.conf
     include owasp-modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
     include owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf
+    include owasp-modsecurity-crs/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
+    include owasp-modsecurity-crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
+    include owasp-modsecurity-crs/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf
+    include owasp-modsecurity-crs/rules/REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf
+    include owasp-modsecurity-crs/rules/REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf
+    include owasp-modsecurity-crs/rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf
     include owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
     include owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf
     include owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
@@ -158,9 +159,11 @@ Installing on Nginx
     include owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
     include owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
     include owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
+    include owasp-modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf
     include owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
     include owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
     include owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
+    include owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-JAVA.conf
     include owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf
     include owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf
     include owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
@@ -181,8 +184,8 @@ Installing on IIS
     To upgrade or install this after the fact follow the following
     steps.
     1. Navigate to "[drive_letters]:\Program Files\ModSecurity IIS\"
-    2. Clone the repository into the current folder using:
-    ```git clone https://github.com/SpiderLabs/owasp-modsecurity-crs```
+    2. Download our release from https://coreruleset.org/installation/
+    and unpack it into the current folder.
     3. Move the crs-setup.conf.example file to crs-setup.conf.
     Please take this time to go through this
     file and customize the settings for your local environment. Failure to
@@ -290,16 +293,7 @@ OWASP CRS Configuration
     Make sure your GeoIP and Project Honeypot settings are specified
     if you are using them.
     The GeoIP database is no longer included with the CRS. Instead
-    you are advised to download it regularly. The script
-    util/upgrade.py brings this functionality.  You can use it as
-    follows in cron:
-
-    ```
-    0 2 * * *  util/upgrade.py --geoip --cron
-
-    ```
-    The use of the option --cron guarantees that the GeoIP
-    download server is not hammered.
+    you are advised to download it regularly.
 
     The use of Project Honeypot requires a
     free API key. These require an account but can be obtained at