The Nemesida WAF dynamic module is available for:
- Nginx stable from
- Nginx mainline from
- Nginx Plus from
When compiling Nginx from source, add the --with-compat --with-threads parameters when running configure to enable dynamic module support.
Nemesida WAF is available as installation distributions for Linux, as well as a Docker image and a virtual disk (Virtual Appliance) for KVM/VMware/VirtualBox.
# apt install nwaf-dyn-1.18
where 1.18 is the version of the installed Nginx. For example, the dynamic module package nwaf-dyn-1.12 is intended for Nginx version 1.12, and nwaf-dyn-plus-rX (where X is the release number, starting with R16) is intended for the latest version of Nginx Plus (for example: nwaf-dyn-plus-r16).
Configure the SELinux policy or deactivate it with the command:
# setenforce 0
then edit the file /etc/selinux/config so that it reads:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
Add the path to the Nemesida WAF dynamic module file and set the parameters below in the configuration file /etc/nginx/nginx.conf as follows:
# Nemesida WAF
## Request body is too large fix
nginx: [emerg] module "/etc/nginx/modules/ngx_http_waf_module.so" version 1017010 instead of 1018000 in /etc/nginx/nginx.conf:1
The error occurs when the versions of the installed Nemesida WAF dynamic module and Nginx do not match. In this case, 1017010 is the version of Nginx 1.17.10, for which the nwaf-dyn module was compiled, and 1018000 is Nginx 1.18.0 installed on the server. The dynamic module package nwaf-dyn-1.18 is designed to work with Nginx version 1.18, and nwaf-dyn-plus-r22 is designed to work with NGINX Plus R22.
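The numbers in this error can be decoded mechanically, since Nginx encodes its version as major*1000000 + minor*1000 + patch. The shell helper below is an added example, not part of the Nemesida WAF documentation: the function names are hypothetical, and the suggested package name assumes the nwaf-dyn-<major>.<minor> naming described above (open source Nginx only, not Nginx Plus).

```shell
#!/bin/sh
# Added example: decode the version numbers in the nginx "[emerg] module ...
# version A instead of B" error. Function names are hypothetical.

# Nginx encodes its version as major*1000000 + minor*1000 + patch.
decode_nginx_version() {
    n=$1
    # Reject empty or non-numeric input.
    case $n in ''|*[!0-9]*) return 1 ;; esac
    echo "$(( $n / 1000000 )).$(( $n / 1000 % 1000 )).$(( $n % 1000 ))"
}

# Takes one error line; prints the version the module was built for, the
# version of the running server, and the matching nwaf-dyn package.
# Returns 1 if the line is not a module version mismatch.
explain_mismatch() {
    line=$1
    re='.* version \([0-9][0-9]*\) instead of \([0-9][0-9]*\) .*'
    built=$(printf '%s\n' "$line" | sed -n "s/$re/\1/p")
    running=$(printf '%s\n' "$line" | sed -n "s/$re/\2/p")
    [ -n "$built" ] && [ -n "$running" ] || return 1
    built_v=$(decode_nginx_version "$built") || return 1
    running_v=$(decode_nginx_version "$running") || return 1
    # Assumption: package naming nwaf-dyn-<major>.<minor>, as on this page.
    pkg="nwaf-dyn-${running_v%.*}"
    echo "module built for Nginx $built_v, server runs Nginx $running_v, matching package: $pkg"
}

# Sample input: the error line quoted on this page.
SAMPLE='nginx: [emerg] module "/etc/nginx/modules/ngx_http_waf_module.so" version 1017010 instead of 1018000 in /etc/nginx/nginx.conf:1'
explain_mismatch "$SAMPLE"

# On a live host the line can be taken from the configuration test:
#   explain_mismatch "$(nginx -t 2>&1 | grep 'instead of')"
```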
To update signatures, allow access to https://nemesida-security.com. When using a proxy server, specify it in the nwaf_sys_proxy parameter. For example:
Restart the server and test:
# systemctl restart nginx.service nwaf_update.service
# systemctl status nginx.service nwaf_update.service
The nwaf_update service is responsible for obtaining Nemesida WAF signatures. To test the signature-based attack detection method, send a request to http://YOUR_SERVER/nwaftest; the server should return a 403 response code.
After installing Nemesida WAF, you can install the Nemesida WAF API and Nemesida WAF Cabinet, which is intended to visualise and classify information about attacks and identified vulnerabilities:
More detailed information on setting up and maintaining Nemesida WAF Free is available in the guide.