Nemesida WAF is a suite of several components that interact with each other. Incorrect configuration of one component can cause it, or the entire suite, to malfunction. Below is a list of the main checks that must be performed to verify that each Nemesida WAF component is configured correctly.

Filtering node

The filtering node analyzes requests and decides whether to block them when they show signs of an attack or other anomalies.

Installation and initial setup

When configuring the filtering node, you need to:

1. Check that the dynamic module is integrated into the Nginx web server;

2. Check that the version of the installed dynamic module (package nwaf-dyn) corresponds to the installed version of the Nginx web server;

3. Check that the required parameters are set in the /etc/nginx/nwaf/conf/global/nwaf.conf file.

More detailed information is available in the corresponding section of the manual.

Checking the configuration

Before checking the operation of the filtering node, you need to make sure that the Nginx web server configuration is correct and restart the services:

# nginx -t
# systemctl restart nginx rabbitmq-server memcached nwaf_update mla_main api_firewall
# systemctl status nginx rabbitmq-server memcached nwaf_update mla_main api_firewall

If there are no errors when checking the configuration and all services are active, then:

1. Check for possible errors in the logs:

  • /var/log/nwaf/mla.log;
  • /var/log/nwaf/nwaf_update.log.

2. Check that the file /etc/nginx/nwaf/rules.bin exists and check its size. If the file is missing or empty, then you need to grant access to external resources.

3. Send a test request:

# curl -i http://WAF_SERVER/nwaftest

If everything is configured correctly, the response from the filtering node will contain the code 403, and a message will appear in the log /var/log/nginx/error.log:

Nemesida WAF: the request 5274fe3c397782a09b4f1b057e572e21 blocked by rule ID 1 in zone URL, ...

If the request is not blocked, then follow the steps from the corresponding section of the manual.
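
The three checks above can be scripted. The following is an added example, not part of the Nemesida WAF documentation or tooling; the function names are hypothetical, and the paths and the log message format are the ones quoted on this page.

```shell
#!/bin/sh
# Added example. Paths come from the page; function names are hypothetical.
RULES_BIN=${RULES_BIN:-/etc/nginx/nwaf/rules.bin}
ERROR_LOG=${ERROR_LOG:-/var/log/nginx/error.log}

# The error.log message quoted on the page, reused as sample input.
SAMPLE_ENTRY='Nemesida WAF: the request 5274fe3c397782a09b4f1b057e572e21 blocked by rule ID 1 in zone URL, ...'

# Step 2: rules.bin must exist and be non-empty.
rules_ok() { [ -s "$1" ]; }

# Step 3: status code from the first line of `curl -i` output.
http_status() {
    printf '%s\n' "$1" | sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p'
}

# Step 3: read a log on stdin, print "<request id> <rule id> <zone>" of the
# most recent block entry (empty output if there is none).
last_block() {
    sed -n 's/.*Nemesida WAF: the request \([0-9a-f]*\) blocked by rule ID \([0-9]*\) in zone \([A-Za-z_]*\).*/\1 \2 \3/p' | tail -n 1
}

check_filtering_node() {    # $1 = address of the filtering node
    rules_ok "$RULES_BIN" || { echo "FAIL: $RULES_BIN missing or empty"; return 1; }
    resp=$(curl -si "http://$1/nwaftest") || { echo "FAIL: no response"; return 1; }
    [ "$(http_status "$resp")" = 403 ] || { echo "FAIL: test request not blocked"; return 1; }
    entry=$(last_block < "$ERROR_LOG")
    case $entry in
        *" 1 URL") echo "OK: request ${entry%% *} blocked by rule ID 1 in zone URL" ;;
        *) echo "FAIL: no matching entry in $ERROR_LOG"; return 1 ;;
    esac
}

# Run the live check only when a host is given, e.g.: sh check.sh WAF_SERVER
if [ "$#" -ge 1 ]; then check_filtering_node "$1"; fi
```

On a busy node the most recent block entry may belong to other traffic, so run the check right after the test request or compare the request ID by hand.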

Nemesida AI

The machine learning module consists of the Nemesida AI MLA machine learning agent (included in the nwaf-dyn package and, as a rule, requiring no configuration) and the Nemesida AI MLC machine learning module.

Installation and initial setup

When configuring the component, you need to check that:

1. Access to external resources is granted;

2. The required parameters are set in the /opt/mlc/mlc.conf file;

3. Data collection for building the behavioral model is configured.

Checking the configuration

When checking the Nemesida AI MLC configuration, you need to:

1. Restart the services and check their status:

# systemctl restart mlc_main rabbitmq-server memcached
# systemctl status mlc_main rabbitmq-server memcached

2. Check for errors in the component log /var/log/nwaf/mlc.log.

Nemesida WAF API

The Nemesida WAF API lets the components interact with each other and receives information about incidents and identified vulnerabilities for transmission to the database.

Installation and initial setup

When configuring the component, you need to check that:

1. Access to external resources is granted;

2. The required parameters are set in the /var/www/nw-api/settings.py file;

3. The Nemesida WAF API is integrated with the other components of Nemesida WAF.

More detailed information is available in the corresponding section of the manual.

Checking the configuration

When checking the Nemesida WAF API configuration, you must:

1. Restart the services and check their status:

# systemctl restart nw-api rldscupd nginx memcached
# systemctl status nw-api rldscupd nginx memcached

2. Check for errors in the component log /var/log/uwsgi/nw-api/*.log;

3. Resend the test request to the filtering node:

# curl -i http://WAF_SERVER/nwaftest

If everything is configured correctly, then when the request is blocked by the filtering node, information about the blocked request will appear in the log /var/log/uwsgi/nw-api/nw-api-logging.log:

Updating description for RuleID 1
Request a9d946493221337236b41a7ad0a3120a (BT: 2, client: 1.1.1.1, server: example.com, WAF ID: 1234567890) received from 2.2.2.2

If the entry does not appear, then follow the steps from the corresponding section of the manual.
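
To confirm that the API recorded the blocked request, the log entry can be split into its fields and matched against the expected server. The following is an added example, not part of the Nemesida WAF documentation or tooling; the function names are hypothetical, and treating the address after "received from" as the sender of the report is an assumption, since the page does not define the fields.

```shell
#!/bin/sh
# Added example. The log path and line format come from the page; function
# names and the meaning given to "received from" are assumptions.
API_LOG=${API_LOG:-/var/log/uwsgi/nw-api/nw-api-logging.log}

# The two log lines quoted on the page, reused as sample input.
SAMPLE_API_LOG='Updating description for RuleID 1
Request a9d946493221337236b41a7ad0a3120a (BT: 2, client: 1.1.1.1, server: example.com, WAF ID: 1234567890) received from 2.2.2.2'

# Read the log on stdin; print one line per recorded request:
# "<request id> <BT> <client> <server> <WAF ID> <received from>"
api_requests() {
    sed -n 's/.*Request \([0-9a-f]*\) (BT: \([0-9]*\), client: \([^,]*\), server: \([^,]*\), WAF ID: \([^)]*\)) received from \([^ ]*\).*/\1 \2 \3 \4 \5 \6/p'
}

# Print the most recent request recorded for server $2 and received from
# address $1; return 1 if the log holds no such entry.
reported_by() {
    api_requests | awk -v src="$1" -v srv="$2" '
        $6 == src && $4 == srv { last = $0 }
        END { if (last == "") exit 1; print last }'
}

# Live use, e.g.: sh check_api.sh 2.2.2.2 example.com
if [ "$#" -ge 2 ]; then
    reported_by "$1" "$2" < "$API_LOG" \
        || { echo "FAIL: no matching entry in $API_LOG"; exit 1; }
fi
```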

Nemesida WAF Cabinet

The component visualizes and organizes information about attacks and identified vulnerabilities, and manages the settings of Nemesida WAF and the Nginx web server.

Installation and initial setup

When configuring the component, you need to make sure that:

1. Access to external resources is granted;

2. The required parameters are set in the /var/www/app/cabinet/settings.py file;

3. There are no errors when performing migrations and creating an administrator.
Example output:

Operations to perform:
Apply all migrations: admin, auth, contenttypes, main, sessions
Running migrations:
Applying main.0001_initial... OK
Applying contenttypes.0001_initial... OK
Applying admin.0001_initial... OK
Applying admin.0002_logentry_remove_auto_add... OK
Applying admin.0003_logentry_add_action_flag_choices... OK
Applying contenttypes.0002_remove_content_type_name... OK
...
Applying main.0091_userconfig_bt16... OK
Applying main.0092_geo_tokens... OK
Applying main.0093_wafuser_ec_toggle... OK
Applying main.0094_alter_geo_tokens_waf_id... OK
Applying main.0095_training... OK
Applying sessions.0001_initial... OK
Superuser's e-mai:

More detailed information is available in the corresponding section of the manual.

Checking the configuration

When checking the Nemesida WAF Cabinet configuration, you must:

1. Restart the services and check their status:

# systemctl restart nginx cabinet cabinet_ipinfo cabinet_attack_notification cabinet_cleaning_db cabinet_rule_update memcached
# systemctl status nginx cabinet cabinet_ipinfo cabinet_attack_notification cabinet_cleaning_db cabinet_rule_update memcached

2. Check for errors in the component log /var/log/uwsgi/cabinet/*.log;

3. Resend the test request to the filtering node:

# curl -i http://WAF_SERVER/nwaftest

If everything is configured correctly, the request that was blocked will be displayed in the Nemesida WAF Cabinet. If the entry does not appear, then follow the steps from the corresponding section of the manual.