Interaction with external resources
During operation, Nemesida WAF components access
Request a license key to evaluate all the benefits of Nemesida WAF in 14 days for free.
Docker Image and Virtual Appliance
Nemesida WAF is available as installation distributions for Linux OS, in the form of Docker image and virtual disk for KVM/VMware/VirtualBox and Yandex VM.
Each instance of the Nemesida WAF dynamic module for Nginx (
nwaf-dyn installation package) must use a unique license key (license). The license includes the right to use all components included in Nemesida WAF, updates and technical support. The license is granted for one calendar year.
Diagram of Nemesida WAF modules interaction
- Nemesida WAF dynamic module carries out a signature analysis of requests coming to the server and, based on the behavioral models built by Nemesida AI MLC, makes a decision to block them or transfer them to other modules.
- Nemesida AI MLA 1 machine learning module applies behavioral models built by Nemesida AI MLC to requests received from the dynamic module and sends a blocking command.
- Nemesida AI MLC 1 machine learning module is designed to build behavioral models and detect other anomalies (for example, Brute-force, flood, DDoS L7).
- Nemesida WAF API is designed to receive information about attacks and detected vulnerabilities, as well as transmit information about blocked requests and the results of the Nemesida AI and Nemesida WAF Scanner modules in the PostgreSQL DBMS.
- Nemesida WAF Cabinet is designed to visualize and analyze the events of the components from the PostgreSQL DBMS, as well as systematize information about anomalies and identified vulnerabilities.
- Nemesida WAF Signtest module tweaks the use of the models built and applied by the Nemesida AI module.
- Vulnerability Scanner Nemesida WAF Scanner is designed to identify vulnerabilities in a protected web application.
1 Attack detection using machine learning is only available for Business and Enterprise plans.
For the effective operation of Nemesida WAF components, it is recommended to use servers with the following technical characteristics:
Nemesida WAF Installation Packages
nwaf-dyn – dynamic module Nemesida WAF for Nginx and Nemesida AI MLA machine learning agent, is intended to detect and/or block anomalies using signature analysis and behavioral models, as well as traffic transfer for further processing via RabbitMQ to the Nemesida AI MLC module.
nwaf-mlc – machine learning module Nemesida AI MLC, is intended to build behavioral models and identify other anomalies (for example, DDoS L7, attacks by brute force, etc.).
nwaf-api – Nemesida WAF API module is intended to transmit information about blocked requests and the results of the Nemesida AI and Nemesida WAF Scanner modules to the PostgreSQL DBMS.
nwaf-cabinet – Nemesida WAF Cabinet module is intended for visualization and analysis of events of components from the PostgreSQL DBMS.
nwaf-st – Nemesida WAF Signtest module is intended to manage the training of the Nemesida AI module.
nwaf-scanner – Nemesida WAF Scanner vulnerability scanner.
Auxiliary modules are not available for distributions using a deprecated version of Python. Before installing the auxiliary module, we recommend that you familiarize yourself with the list of supported distributions posted on the page of each module.
Nemesida WAF Cluster ¶
Enables automatic synchronization of the settings of the dynamic module Nemesida WAF, Nemesida AI MLC and the list of blocked IP addresses between servers. The functionality is useful in cases when several instances of the Nemesida WAF dynamic module are used as part of a cluster.
For Nemesida WAF to work as part of a cluster, all license keys used must have a single WAF ID (an identifier that allows you to combine different license keys into a group). To group the license keys into a single
WAF ID, send a request to email@example.com .
Behavioral machine learning models, as well as queries exported via the Nemesida WAF Signtest functionality, will be automatically uploaded to all cluster instances in accordance with the
WAF ID. For more accurate detection of attacks, it is recommended to use one installed instance of the Nemesida AI MLC module at one time.
Exclusion rules (WL) and extended blocking rules (ERL) are applied to all instances of the Nemesida WAF dynamic module that have a single
Error message sources
During the operation of Nemesida WAF, error information may contain:
- in the OS system logs;
- in the Nginx work log;
- in the RabbitMQ work log;
- in the Nemesida WAF module operation log
For Nemesida WAF Free users, technical support is provided only on forum.
In case of unforeseen errors in the Nemesida WAF operation, contact technical support by phone +7 (495) 204-19-72, email or leave a message at forum.
example.com together with subdomains, it is used as an example in the manuals.