Nemesida WAF Release Notes 2022 | Nemesida WAF

• Added support for Nginx 1.23.3 Mainline and Nginx Plus R28;
• Improved mechanism for processing the request body sent by the GET, HEAD, OPTIONS methods and an arbitrary method;
• Improved stability of the dynamic module;
• Fixes related to request processing with OpenAPI specification;
• Improved the mechanism for applying the behavioral model. The behavioral model for a virtual host will also apply to its WWW alias. Example:
  • the model example.com will apply to example.com and www.example.com;
  • the model a.example.com will apply to a.example.com and www.a.example.com.
• Other fixes and improvements.

Improved the mechanism for applying the behavioral model. The behavioral model for a virtual host will also apply to its WWW alias. Example:

• the model example.com will apply to example.com and www.example.com;
• the model a.example.com will apply to a.example.com and www.a.example.com.

Minor fixes and improvements.

Minor improvements fixes, among other things, to the automatic conversion of IDN domains.

Fixed a potential issue that could occur during authorization.

• Fixed a potential issue that could occur during authorization;
• Improved training sample read/write mechanism in SQLite;
• Other fixes and improvements.

• Added activation of two-factor authentication in user settings;
• Added the ability to display requests from IP addresses from the list of blocked (Blocked IP) on the attacks page;
• Added the ability to group attacks of the same type;
• Added search filters t:oapi and t:bl to sort records from OpenAPI and Blocked IP sections;
• Added support for “Deactivate IP-based geolocation detection” and “Deactivate zone decoding for URL” options;
• Other fixes and improvements.

Cumulative improvement package.

• Fixes related to request processing using the OpenAPI specification;
• Multiple improvements related to the work of the machine learning module;
• Ended support for the cloud WebApp and API, settings are managed using Nemesida WAF Cabinet and local API;
• Other fixes and improvements.

• Fixes related to request processing using the OpenAPI specification;
• Multiple improvements related to the work of the machine learning module;
• Ended support for the cloud WebApp and API, settings are managed using Nemesida WAF Cabinet and local API;
• Ended support for the Nemesida WAF Signtest module. Behavioral models are managed in Nemesida WAF Cabinet;
• The list of virtual hosts is managed using the Nemesida WAF Cabinet and the local API;
• Ended support for Nemesida AI MLS functionality;
• Other fixes and improvements.

• Added support for Nginx 1.22.1 Stable and Nginx 1.23.2 Mainline;
• Fixed an issue where in some cases there was a timeout waiting for a response from Nemesida AI MLA.

Fixed errors that occurred after the installation of the module before its configuration.

• For Light and Business plans, has been added the possibility to manage module settings local, using Nemesida WAF API or Nemesida WAF Cabinet;
• Fixed an issue with some IP addresses added to the whitelist (WL) when detecting DDoS attacks;
• Improved machine learning module performance at higher loads.

• Added support for number type when analyzing requests for compliance with OpenAPI specification;
• Increased speed of requests analysis for compliance with OpenAPI specification;
• For Light and Business plans, has been added the possibility to manage module settings local, using Nemesida WAF API or Nemesida WAF Cabinet;
• Fixed an issue with some IP addresses added to the whitelist (WL) when detecting DDoS attacks;
• Improved machine learning module performance at higher loads.

• For Light and Business plans, has been added the possibility to manage module settings local, using Nemesida WAF Cabinet;
• Fixed an issue with incorrect display of behavioral model training status;
• Added ability to block IP address during event handling when configuring models;
• Other fixes and improvements.

• Added support for finding vulnerabilities Server Side Request Forgery (SSRF) and XML External Entity (XXE);
• Other fixes and improvements.

• Improved request decoding mechanism;
• Improved request processing mechanism in accordance with the OpenAPI/Swagger specification;
• Cumulative package of fixes and improvements.

• Improved request decoding mechanism;
• Improved request processing mechanism in accordance with the OpenAPI/Swagger specification;
• Other fixes and improvements.

Cumulative package of fixes and improvements.

• Added the ability to track detected/fixed vulnerabilities on the scanner page;
• Improved the mechanism for adding parameters in the Nemesida WAF settings;
• Improved IP address blocking functionality;
• Added the ability to block an IP address by clicking on it on the attacks page;
• Other fixes and improvements.

Updated WAF ID for Nemesida WAF Community Edition.

• Changed the format of messages in the log file when working with Nemesida AI MLA;
• Added Nginx 1.23.1 Mainline support;
• The mechanism for detecting anomalies in a request based on the request schema in OpenAPI and Swagger format has been improved;
• Added support for FreeBSD 12/13;
• Other fixes and improvements.

• Improved the display of the result of the sensitive data search module;
• Improved verification of signatures when setting up models;
• Improved the functionality of creating WL for different plans;
• Fixed errors when working with behavioral models (creation, retraining, deletion);
• Other fixes and improvements.

• VTS module support removed;
• Added automatic conversion of OpenAPI 2.0 (Swagger) schema to OpenAPI 3.0 on load;
• Improved report generation mechanism in PDF format;
• Other fixes and improvements.

• Fixed an issue with excluding data from the training sample when activating the list of virtual hosts in OpenAPI;
• Other fixes and improvements.

• Added support for Nginx Plus R27;
• Added OpenAPI support (available for the Business and Enterprise plan);
• Added the ability to organize offline management of module settings using the Nemesida WAF API (information about settings is not transmitted outside the network perimeter, available for the Enterprise plan);
• The module is launched in Free mode after an unsuccessful verification of the license key within 5 seconds;
• Synchronization of blocked IP addresses between servers is now forcibly performed only using the Nemesida WAF API;
• Fixed slowing down of request processing by signature analysis for Nginx 1.21 and later on Debian 10 and CentOS 8 Stream;
• Added support for the NoMLA option when create exclusion rules;
• Other fixes and improvements.

• Added OpenAPI support;
• Added the ability to organize offline management of Nemesida AI MLC settings and behavioral models using the Nemesida WAF API (information about settings, generation, storage and loading of behavioral models is not transmitted outside the network perimeter, available for the Enterprise plan);
• Interaction with the configuration file nwaf.conf of the Nemesida WAF dynamic module has been terminated.

• Added OpenAPI support;
• Added the ability to organize autonomous management of behavioral models, as well as Nemesida WAF and Nemesida AI MLC settings;
• Added synchronization of blocked IP addresses between servers;
• Improved the mechanism for processing signature descriptions;
• Improved the mechanism for processing signature descriptions.

After updating this module, it is recommended to abandon the use of Nemesida WAF Signtest and configure behavioral models using Nemesida WAF Cabinet.

• Added OpenAPI support;
• Added functionality for configuring behavioral models of the Nemesida WAF Signtest module (the Nemesida WAF Signtest module has been removed from support);
• Added the ability to organize offline management of Nemesida WAF and Nemesida AI MLC settings using the Nemesida WAF API;
• Other fixes and improvements.

• Added support for Nginx Plus R26 and Nginx 1.22.0 Stable;
• Fixed the mechanism of the mla_score parameter when using Nemesida WAF Free (thanks to Artem Mishchenkov);
• Added support for an additional header $nwaf_cc for Nginx, which defines the blocking of a request by country using an extended request blocking rule;
• Added support for models copied via rep_models for the Nemesida AI MLA module;
• Improved mechanism of normalization and decoding of query contents for the Nemesida AI MLA module;
• Other fixes and improvements.

• Added support for models copied via rep_models;
• Improved mechanism for normalizing and decoding the content of requests;
• Other fixes and improvements.

• Updated description of some types of vulnerabilities;
• Improved the principle of displaying attacks on the page. The domains to be displayed on the page are sorted not by the number of attacks, but by the time of the last received event;
• Added display of Sensitive Data Exposure search results (SDE) as a separate table;
• A new country filter has been added to the country grouping section Country not defined. Displays attacks whose country could not be determined by IP address and which do not belong to Private IP;
• Other fixes and improvements.

Multiple fixes and improvements.

• Added support for finding vulnerabilities Unrestricted File Upload (UFU) and Sensitive Data Exposure (SDE);
• Other fixes and improvements.

• Added descriptions of the types of attacks and vulnerabilities detected;
• Other fixes and improvements.

• Added editing of BT 13 event records;
• Fixed errors when exporting events;
• Other fixes and improvements.

Optimization of the Nemesida AI MLA module under heavy loads.

• Redesigned the results page of the Nemesida WAF Scanner module;
• Improved grouping of entries on the attacks page;
• Other fixes and improvements.

Added TLS support when interacting with a remote RabbitMQ server (parameter rmq_host).

Fixed uncorrected display of attacks on the Attack page.

• Improved definition of CountryCode for the IP address of the request source
• Improved the mechanism of unlocking using captcha;
• The NoMLA zone for the WL and LM signature analysis rules has been removed;
• Improvements to the Nemesida AI MLA module;
• Other improvements and fixes.

• Added localization in Russian language;
• Added grouping of attacks;
• Other changes and improvements.

Cumulative package of improvements.

• Added support for vulnerability search RFI;
• Improved performance of the SQLi module;
• Fixed errors in the operation of the Recheck functionality.

• Improved performance when generating the Summary page;
• Improved operation of filters;
• Other fixes and improvements.

• Improved stability and performance when working with high loads;
• Added automatic normalization for internationalized domain names;
• Other fixes and improvements.

• Improved stability and performance when working with high loads;
• Added automatic normalization for internationalized domain names;
• Improved compatibility with Nginx debugging mode;
• Other fixes and improvements.

• Fixed bugs and optimized page generation Summary;
• Improved the interface for removing attacks;
• Added the CC filter, which filters attacks by country. Example: cc:ru will remove all attacks from Russia;
• Added full-text search. When used, all matches will be searched;
• Other changes and corrections.

• Added compatibility with Django 4.0.2 LTS;
• Other fixes and improvements.

• Improved the web application page search module;
• Added support for SSTI vulnerability search;
• Improved authorization module;
• When using the Recheck functionality, domains with www are also checked (for example, www.example.com).

• Added functionality for loading GeoIP-data;
• Minor changes and improvements.

• Reduced resource consumption when detecting anomalies by the machine learning module;
• The DDoS section has added support for wildcard values «*» for the virtual host parameter wl_url;
• Other fixes and improvements.

• Added a relevant display of the search filters used;
• Added the functionality of automatic delete attacks;
• The result of the filter mz:url now includes a search by uri;
• Other fixes and improvements.

• Fixed a problem with running in Debian 11;
• For the auth_uri parameter, support for URI has been added if authentication occurs in another web application (example: example.com/login.php);
• Improved the work of the vulnerability search module SQLi;
• Other improvements and fixes.

Cumulative package of fixes and improvements.

• Added Nginx 1.21.6 Mainline support;
• Added the ability to set IP address blocking lists using the cloud API;
• Cumulative package of fixes and improvements for the Nemesida AI MLA module;
• Other fixes and improvements.

• Added sorting of filters by frequency of their use;
• Optimized report generation;
• The format of applying negation to filters has been changed. Now the negation must be specified before the filter, for example: !h:example.com;
• Multiple fixes and improvements.

After updating the module, for correct operation, it is necessary to restart the Memcache service with the command: service memcached restart.

• Added Nginx 1.21.5 Mainline support;
• Added virtual environment support for pip-dependencies;
• Multiple fixes and improvements.

• Added virtual environment support for pip-dependencies;
• Multiple fixes and improvements.

• Fixed an issue when processing some types of IP addresses.