A guide to using a cloud web application to manage Nemesida WAF settings.
The settings management functionality is enabled by default, but it can be disabled by sending a request to email.
The cloud web application allows you to manage:
- settings of the Nemesida WAF dynamic module;
- Nemesida AI MLC settings;
- behavioral models;
- synchronization of the settings of the dynamic module Nemesida WAF and Nemesida AI MLC;
- signature exclusion rules and extended blocking rules.
First launch
After performing the initial configuration of servers with Nemesida WAF modules installed, you can complete the configuration using a web application. The details for the first connection are used as an email (login) and a license key (one-time password). In the future, you cannot use the license key as a password, so after a successful login, you need to set a new password and enable two-factor authentication.
Keys
Section is intended for adding license keys. It is presented in the form of a table, where the following are indicated:
- description of the key;
- plan;
- access to the functionality of the cloud API;
- license key expiration date;
- number of available behavioral models;
- WAF ID;
- available actions on the key.
To add a new key to the list, click , where we specify the license key and its description.
Actions on the key
You can perform 3 actions with the license key:
- create an identification token;
- change the description;
- delete from the list.
An identification token is used instead of a license key to manage Nemesida WAF settings using the cloud API.
Nemesida WAF dynamic module
After clicking on the Nemesida WAF dynamic module settings management section opens.
To complete the configuration of this module, it is enough to set a condition for temporary automatic blocking of the IP address (ban). Using the parameter will allow the functionality of detecting DDoS attacks, brute force attacks and flood attacks to block the source of the attack.
By clicking on you can add a new set of values for the parameter, a dialog box will appear for this.
For example, we added a request blocking condition separately for the domain example.com
and blocking conditions for all other domains:
To edit the current settings, click on .
After saving, the settings are applied automatically to all installed copies of the Nemesida WAF dynamic module, the settings of which can be controlled using a web application.
Nemesida AI MLC
When clicking on opens the settings management section of the Nemesida AI MLC machine learning module.
To activate additional features (detection of DDoS attacks, brute force attacks and flood), it is necessary to activate the corresponding sections.
Behavioral Model Management ¶
To start the process of building behavioral models, you need to add a virtual host corresponding to the domain of the protected web application, for example, example.com
.
Behavioral models whose training has been completed are displayed in the section “Behavioral models of Nemesida AI”. Next to the name of each behavioral model there is a status indicator, where:
– the behavioral model is being retrained;
– training is completed, the behavioral model is applied to the virtual host.
If you need to retrain the model, then you need to click and select the retraining mode. If the retraining of the model should be performed during the standard period (4 days), then to start the retraining process, just click
.
To change the training period, click and an additional field will appear where you need to specify the training period in days.
After saving, the settings are applied automatically.

Exclusion rule
an exception rule is intended to exclude request processing using a rule. Detailed instructions for creating exclusion rules are available in corresponding section.
To create a rule, click on the
The rule is edited by clicking on .
Extended request blocking rules
The functionality of the extended request blocking rules is similar to the functionality of creating personal signatures. It allows you to create a request blocking rule with a combination of different parameters, but without the support of regular expressions.
The mechanism of extended request blocking rules allows you to use additional conditions when drawing up personal rules. For example, you can create a rule by which the request will be blocked if:
- corresponds to a geographical location based on an IP address (determining the country by the attacker’s IP address);
- there is an appeal to a specific domain or URL;
- contains a specific header (for example,
User-Agent
,Cookie
,Referer
, etc.) and/or the contents of these headers.
For a more accurate result, the parameters can be combined with each other. In this case, the rule will only work if all the conditions are met.
Unlike the functionality of creating personal signatures, the extended request blocking mechanism allows you to create a rule with a combination of various parameters, but without the support of regular expressions.
Rules created
To create a rule, go to the “Personal Blocking Rules (ERL)” tab and click . After selecting the necessary options, you need to add one or more conditions by clicking on
.
For all condition parameters (except No Cookie
), it is allowed to use multiple values in one parameter block using the logical condition operators “and”, “or”, “not” (available only for the first value in the block), “and not”, “or not”. Operators do not have priority.
Values for parameters can be entered in a list, for this you need to use the “multiline input” function. The values entered in the field will be combined with each other by the logical operator used for this field.
To add a new condition, select it from the list and repeat the process.
Other headers
The parameters for the “Other headers” block are used in the key/value format and interact with each other according to the following principle:
- if there is a header, the content of only this header will be checked;
- if there is a header without content, any content of this header will be checked;
- if there is only the header content, the specified content in any header will be checked.
The rule is edited by clicking on .
To create a user, you need to send an invitation to an email and send a one-time activation code. An account that has not been activated will be grayed out.
After successful activation of the account, at the first login, the user needs to enable two-factor authentication. The following actions are available to the administrator for an activated account: reset the two-factor authentication setting, reset the password, or delete the user.
If the activation code is entered incorrectly more than 15 times, the registration process is interrupted, and the account is colored red. The administrator can delete the account signature , resend the invitation letter
or generate a new activation code
.