Nemesida WAF Free provides basic protection of web applications against OWASP-class attacks using the signature method. Nemesida WAF Free has its own signatures, detects attacks on web applications with a minimum number of false positives, is updated from the Linux repository, and is installed and configured in a few minutes.
Nemesida WAF features:
- quick and easy start;
- installation and configuration in 10 minutes;
- minimum false positives;
- installation and update from the repository;
- the ability to connect to an already installed Nginx, starting from version 1.12;
- convenient personal account, the ability to integrate with SIEM systems.
The main limitation of Nemesida WAF Free concerns the Nemesida AI machine learning subsystem, which detects attacks on web applications more accurately and with a minimum number of false positives; the Nemesida AI module also detects zero-day attacks. In the free version, neither the machine learning functionality nor the Nemesida WAF Scanner vulnerability scanner is available.
In addition, Nemesida WAF Free modifies the content of attack messages sent to the Nemesida WAF API:
- the vhost field is set to example.com;
- the referer field is set to Nemesida WAF Free;
- the non-empty other_headers field is set to Nemesida WAF Free.
# apt install apt-transport-https gnupg2
# wget -O- https://nemesida-security.com/repo/nw/gpg.key | apt-key add -
# apt update && apt upgrade
RabbitMQ is used for sending data to the Nemesida WAF API module.
1. Install the package:
# apt install rabbitmq-server
2. Enable the service and check that it is running:
# systemctl enable rabbitmq-server
# service rabbitmq-server restart
# service rabbitmq-server status
The dynamic module Nemesida WAF is available for:
- Nginx stable from 1.12;
- Nginx mainline from 1.15;
- Nginx Plus from R16.
If you compile Nginx from source, add the --with-compat --with-threads parameters when running configure to enable support for dynamic modules.
Set the operating system ID:
# rm -f /etc/machine-id
# /bin/systemd-machine-id-setup
# apt install nwaf-dyn-1.22
where 1.22 is the version of the installed Nginx. For example, the dynamic module package nwaf-dyn-1.22 is intended for Nginx version 1.22, and nwaf-dyn-plus-rX (where X is the release number, starting with R16) is intended for the corresponding release of Nginx Plus (for example: nwaf-dyn-plus-r16).
Configure the SELinux policy or deactivate it with the command (this takes effect immediately, but only until the next reboot):
# setenforce 0
then bring the file /etc/selinux/config to the form below so that the change persists across reboots:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
Bring the file /etc/nginx/nginx.conf to the form:
load_module /etc/nginx/modules/ngx_http_waf_module.so;
...
worker_processes auto;
...
http {
    ...
    ##
    # Nemesida WAF
    ##

    ## Request body is too large fix
    client_body_buffer_size 25M;

    include /etc/nginx/nwaf/conf/global/*.conf;
    ...
}
nginx: [emerg] module "/etc/nginx/modules/ngx_http_waf_module.so" version 1017010 instead of 1022000 in /etc/nginx/nginx.conf:1
This error occurs when the versions of the installed Nemesida WAF dynamic module and of Nginx do not match. In this case, 1017010 is the version of Nginx (1.17.10) for which the nwaf-dyn module was compiled, and 1022000 is the version of Nginx (1.22.0) installed on the server. The dynamic module package nwaf-dyn-1.22 is designed for Nginx version 1.22, and nwaf-dyn-plus-r22 is designed for NGINX Plus R22.
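The following POSIX shell script is an added example, not part of the Nemesida WAF documentation: it decodes the numeric versions in the "[emerg] module ... version A instead of B" error above (Nginx encodes X.Y.Z as X*1000000 + Y*1000 + Z) and derives the nwaf-dyn package that matches the running Nginx. The package naming follows this page; Nginx Plus packages (nwaf-dyn-plus-rX) are not handled.

```shell
#!/bin/sh
# Added example, not part of the Nemesida WAF documentation: decode the
# numeric versions in the "[emerg] module ... version A instead of B"
# error and derive the nwaf-dyn package that matches the running Nginx.

# Nginx encodes version X.Y.Z as X*1000000 + Y*1000 + Z (1022000 = 1.22.0)
decode_nginx_version() {
    printf '%s.%s.%s\n' "$(($1 / 1000000))" "$((($1 / 1000) % 1000))" "$(($1 % 1000))"
}

# Package name used on this page for a numeric Nginx version
# (e.g. 1022000 -> nwaf-dyn-1.22); Nginx Plus packages are named
# differently (nwaf-dyn-plus-rX) and are not handled here.
nwaf_package_for() {
    printf 'nwaf-dyn-%s.%s\n' "$(($1 / 1000000))" "$((($1 / 1000) % 1000))"
}

# Parse the error line, print a diagnosis and return 0 if the module was
# built for the running Nginx, 1 on a mismatch, 2 if the line is not a
# module version error at all.
check_module_error() {
    pat='.*version \([0-9][0-9]*\) instead of \([0-9][0-9]*\).*'
    built=$(printf '%s\n' "$1" | sed -n "s/$pat/\1/p")
    running=$(printf '%s\n' "$1" | sed -n "s/$pat/\2/p")
    if [ -z "$built" ] || [ -z "$running" ]; then
        echo "not a module version error: $1"
        return 2
    fi
    if [ "$built" = "$running" ]; then
        echo "module matches Nginx $(decode_nginx_version "$running")"
        return 0
    fi
    echo "module built for Nginx $(decode_nginx_version "$built")," \
         "Nginx $(decode_nginx_version "$running") is running:" \
         "install $(nwaf_package_for "$running")"
    return 1
}

# Constructed sample input: the error line quoted on this page
SAMPLE='nginx: [emerg] module "/etc/nginx/modules/ngx_http_waf_module.so" version 1017010 instead of 1022000 in /etc/nginx/nginx.conf:1'
check_module_error "$SAMPLE" || echo "exit status: $?"
```

In practice the line is taken from the output of nginx -t or from the error log; with the sample above the script reports that nwaf-dyn-1.22 should be installed.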
Make the necessary changes to the configuration file /etc/nginx/nwaf/conf/global/nwaf.conf.
Restart the server and test:
# systemctl restart nginx.service nwaf_update.service
# systemctl status nginx.service nwaf_update.service
The service nwaf_update is responsible for obtaining the Nemesida WAF signatures. To test the signature-based attack detection, send a request to http://YOUR_SERVER/nwaftest; the server should return a 403 response code.
After installing Nemesida WAF, you can install Nemesida WAF API and Nemesida WAF Cabinet, which are intended to visualise and classify the information about attacks and identified vulnerabilities.