The plans, the main opportunities, the features and technical specifications of Nemesida WAF.

General information

Active users: 400+
  • On-premises software
  • Does not use cloud computing
  • Does not transmit traffic and other sensitive data outside the perimeter
WAF operation mode IPS, IDS and combined
Delivery type
Demonstration stand

🔗 Plan features

Features Light Business Enterprise
General information
On-premises software yes
No artificial restrictions on traffic, RPS and the number of virtual hosts yes
Support for community edition with limited functionality yes
The index of protection against attacks ~ 46.62% up to 99.98%
Installation and scaling
Support for Active-Active and Active-Passive cluster yes
Support for fault-tolerant operation of components yes
Support for multinode WAF intallation yes
Support for multitenancy mode installation yes
Support for reverse proxy mode yes
Support for deployment in a virtual environment yes
Support for deployment in Docker containers yes
Request processing
Checking requests for RFC compliance yes
Deep Inspection of HTTP(s) requests yes
Support for HTTP/2 yes
Support for WebSockets yes
Support for HTML5 yes
Support for JSON yes
Processing XML documents and SOAP requests yes
Termination of SSL/TLS traffic yes**
Detection of attacks
Detection of attacks by the signature method yes
Attack detection by the AI/ML n/a yes
Class of blocked attacks SQLi, RCE, OS Injection, SSTI, LDAP, NoSQL, XSS, XXE, Information Leakage, Path Traversal, Open Redirect, Web Shell, RFI/LFI, SSRF, DDoS L7, bruteforce, flood etc.
Protection against threats of the OWASP class yes
Blocking an individual request yes
Protection from bots: detection of DDoS L7, bruteforce, flood and other parasitic traffic yes
Protection based on the principle of a “black” list of IP addresses yes
Blocking attempts to exploit zero-day vulnerabilities n/a yes
Analysis of the behavioral activity of web application users n/a yes
API Firewall
(OpenAPI, Swagger)
n/a yes
WAF Management Interface
Managing settings using the web interface and API yes
Role-based system access system (administrator – user) yes
Creating a “white” list of signatures yes
Creating personal blocking rules yes
Flexible filtering of incidents by specified criteria yes
Manual and automatic aggregation of incidents by attack type, parameter name, URL, IP address yes
Setting up reporting to get summary information on security events (attack schedule, detailed reports in PDF and CSV formats) yes
Email notifications about attacks yes
Creating virtual patching rules Manually Automatically and manually
Verification of an attack using a built-in dynamic scanner n/a yes
Additional features
Getting extended IP address information* yes
Centralized collection of Nemesida WAF component operation events yes
Centralized collection of information on detected attacks/anomalies yes
The ability to send operation events of Nemesida WAF components to third-party systems yes
Getting information about Nemesida WAF component operation events using the web interface and API n/a yes
Getting information about detected attacks/anomalies using the web interface and API yes
Integration with third-party
TI-systems (Threat Intelligence) based on black/white lists
Integration with third-party AntiDDoS systems for synchronization of black/white lists yes
Finding the flaws of Web applications using Nemesida WAF Scanner n/a yes

* Obtaining extended information about the IP address allows you to determine the geographical location based on the IP address, check the presence of the address in the lists of proxy servers: Tor, VPN, Mobile or hosting sites, etc. The functionality is included in the software price and does not require the connection of third-party databases.
** SSL termination is configured by means of a web server.

🔗 Nemesida® AI – a machine learning module

Accuracy of identification of the attacks Nemesida AI is about 53.04%* more efficient than signature analysis.
Machine learning method The Nemesida WAF operation is based on classical machine learning algorithm «Random Forest», that is able to detect attack with minimum response time, nearly without false positives.
Hardware resource requirements Unlike training models using neural networks, classical machine learning algorithms do not require much processing power, so the processor of the Intel Core i3 family or higher will be sufficient for calculations.
Additional features
  • Adaptation of WAF to a mutable application
  • Automatic creation of behavioral models
  • Detection of anomalies and assessment of their severity level
  • Identification of new signs of attacks, including the identification of «zero day» attacks
  • Behavioral models management interface (additional training of models)
  • Ability to change the training period of behavioral models
  • Additional training of models using a backup copy of the training sample

* Test result of Nemesida WAF using only signature analysis and AI/ML (detection accuracy: 46.62% and 99.66%, respectively). The testing was performed using the specialized WAF Bypass Tool. Based on the test results, the use of machine learning improves detection accuracy by 53.04%.

The result of testing Nemesda WAF
Diagram of Nemesida WAF modules interaction

1 Includes Nginx, the Nemesida WAF dynamic module and the Nemesida AI MLA machine learning agent.

  • Nemesida WAF dynamic module carries out a signature analysis of requests coming to the server and, based on the behavioral models built by Nemesida AI MLC, makes a decision to block them or transfer them to other modules.
  • Nemesida AI MLA machine learning module applies behavioral models built by Nemesida AI MLC to requests received from the dynamic module and sends a blocking command.
  • Nemesida AI MLC machine learning module is designed to build behavioral models and detect other anomalies (for example, Brute-force, Flood, DDoS L7).
  • The Nemesida WAF API is designed to receive information about attacks and identified vulnerabilities, as well as transmit information about blocked requests and the results of the Nemesida AI and Nemesida WAF Scanner modules to the PostgreSQL DBMS.
  • Nemesida WAF Cabinet is designed for visualization and analysis of the events of the components from the PostgreSQL DBMS, management of Nemesida WAF settings, management of OpenAPI query schemes, configuration of the use of behavioral models built and applied by the Nemesida AI module, as well as systematization of information about anomalies and identified vulnerabilities.
  • The Nemesida WAF Scanner Vulnerability Scanner is designed to detect vulnerabilities in a protected web application.


(annual subscription)
Light Business Enterprise
Basic license $3,800* $12,000* **
Additional license $770 $2,500 **
Additional behavioral model n/a $300
per model
The number of free behavioral models included in the plan n/a 1 5
Basic technical support Included in plan price
(by email)

* 30% discount on renewal of the annual subscription) from the current cost of the plan at the time of renewal.
** The price is available on request.

Try Nemesida WAF for free

Nemesida WAF is well-scalable, does not have any limitations of virtual hosts or traffic and auxiliary modules such as vulnerability scanner, virtual patching and cabinet will make your work with Nemesida WAF easy and transparent. Now it is not required to make exclusion rules – machine learning module will adapt to any web application. You can inspect incidents and enjoy the work with Nemesida WAF. Request a fully-featured trial by sending request to