Nemesida WAF Release Notes 2023 | Nemesida WAF

Dynamic module:

• The mechanism for determining paths for directories and files of a dynamic module has been fixed, which is why the module previously did not start on some versions of Nginx (e.g. 1.18).

Nemesida AI MLA

• Minor fixes.

Dynamic module:

• Added blocking of the request before sending it to the Nemesida API Firewall module for analysis, if the method by which the request was sent is not included in the list: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS, TRACE;
• Fixed the mechanism for blocking requests using the signature method for cases when the request was not blocked using the Nemesida API Firewall.

Nemesida AI MLA

• Fixes related to request processing by the machine learning module.

Dynamic module:

• Extended description of the reason for blocking a request by the Nemesida API Firewall module when sending an event to the Nemesida WAF API;
• Added support for Nginx 1.25.3 Mainline.

Added support for an extended description of the reason for blocking the request by the Nemesida API Firewall module.

Improvements related to the GeoIP data loading mechanism.

• Fixes related to receiving GeoIP data;
• Added functionality for automatic rotation of event log files;
• Other fixes and improvements.

• Fixes related to the normalization of data transmitted to the model tuning functionality (MT);
• Optimization of RAM usage when processing some types of requests.

Dynamic module:

• For the commercial version of Nemesida WAF, the mechanism for sending events about identified incidents to the Nemesida WAF API has been changed;
• Other fixes and improvements.

Nemesida AI MLA:

• Fixes related to the Nemesida API Firewall.

Added functionality for sending events about detected incidents to the Nemesida WAF API.

• Fixes related to the initialization of the database structure;
• Fixes related to the operation of the model tuning functionality (MT).

Dynamic module:
Changed the display of the contents of the BODY zone when blocking a request using the Nemesida API Firewall and the current options: nwaf_body_exclude, nwaf_body_bin_exclude, nwaf_post_body_exclude, nwaf_put_body_exclude.

Fixed related to the initialization of the database structure.

Dynamic module:

• Expanded the list of Content-Type for the option nwaf_body_bin_exclude;
• Changed the algorithm of interaction with Nemesida API Firewall;
• Changed the effect of options nwaf_body_exclude, nwaf_body_bin_exclude, nwaf_post_body_exclude, nwaf_put_body_exclude on the Nemesida API Firewall.

Nemesida AI MLA:

• Added control of OpenAPI specification processing containing recursion;
• Fixes related to the analysis of the request using the Nemesida API Firewall.

Fixed a bug preventing some services from starting.

• Fixes related to URL handling for OpenAPI specifications;
• Fixes related to the initialization of the database structure.

• Added the API_PROXY parameter for interacting with the Nemesida WAF API via a proxy server;
• Fixed a problem related to the inability to display information about the attack;
• Fixed a problem related to incorrect display of the state of the behavioral model;
• Other fixes and improvements.

Dynamic module:

• Changed processing of miltipart/form-data requests when sending to Nemesida API Firewall;
• Other changes and improvements.

Nemesida AI MLA:

• Fixes related to the Nemesida API Firewall functionality.

• Fixes related to the database structure;
• Changes related to loading data from the GeoIP server.

• Improvements related to automatic generation of the OpenAPI specification;
• Minor fixes related to the logging system.

Dynamic module:

• Added support for Nginx 1.25.2 Mainline and Nginx Plus R30;
• Changed the algorithm for processing headers in requests multipart/form-data;
• Improved log file output in monitoring mode;
• Other changes and improvements.

Nemesida AI MLA:

• Changes related to accessing the Nemesida WAF API to get information about Nginx settings;
• Other changes and improvements.

• Fixes related to validation of the OpenAPI specification when it is loaded;
• Fixes related to validation of Nginx settings;
• Added data masking when outputting private keys and dhparam;
• Removed the outdated functionality;
• Added compatibility with PostgreSQL 15;
• Fixes related to the use of the component in Debian 12.

• Fixes related to receiving data from the GeoIP server;
• Fixes related to the use of the component in Debian 12.

Minor fixes related to displaying and sending information to the component event log.

• Changes related to sending requests and logging events;
• Optimizing the components performance;
• Other changes and improvements.

Dynamic module:

• Changed the protocol of interaction with the API Firewall service;
• Other changes and improvements.

Nemesida AI MLA:

• Multiple improvements related to request processing by means of the API Firewall;
• Improvements related to the control of RAM usage when processing requests by behavioral models;
• Services for FreeBSD have been translated to Python 3.10. Before updating components, it is recommended to delete the /usr/local/share/nwaf/venv directory.

• Fixes related to the processing of the contents of the directory /etc/nginx/nwaf/conf/global/db/openapi.db;
• Fixes related to Nginx settings display;
• Fixes related to sending a request to the GeoIP server.

• Fixed an error that occurs when the API_URI parameter value is empty;
• Fixed an error that occurs when launching the service for sending email notifications about attacks.

• Improved the functionality of grouping attacks;
• Improved the «Blocked IP» functionality;
• Added the «Event Collector» functionality (EC), which allows you to view messages from the Nemesida WAF components;
• Added functionality for managing the list of automatically blocked IP addresses (BS);
• Component support for Debian 10 has been completed;
• Other changes and improvements.

Changes related to the operation of the DDoS attack detection mechanism.

• Corrections related to the output of information about the extended blocking rules (ERL);
• The functionality of event output for the event log and the functionality of receiving information about attacks has been expanded;
• Other changes and improvements.

Dynamic module:

• Improved stability on FreeBSD;
• Changed the PIP dependency update script.

Nemesida AI MLA:

• Fixes related to processing requests using the Firewall API;
• Changed the PIP dependency update script.

Changes related to processing GeoIP data.

Due to the end of support for Python 3.7 (security updates and bug fixes in Python or pip), the release of component updates for the distribution Debian 10 is discontinued, with the exception of packages for filtering nodes (nwaf-dyn) and Nemesida AI MLC (nwaf-mlc). To prevent incorrect interaction of the Nemesida WAF components, we recommend updating the component servers to the distribution versions with the current version of Python. You can check the version status of Python here.

• Fixes related to displaying a list of paths for analyzing requests using the API Firewall;
• Fixes related to downloading, changing and deleting the OpenAPI specification;
• Extended functionality for deleting events from the Nemesida WAF component log;
• Component support for Debian 10 has been completed;
• Other changes and improvements.

Dynamic module:

• Added support for Nginx 1.25.1 Mainline.

Nemesida AI MLA:

• Fixes and improvements related to processing requests using the Firewall API.

• Corrections related to the processing and displaing information for the “Blocked IP” section;
• Other fixes and improvements.

Dynamic module:

• Improved stability of the module on CentOS 8;
• Other changes and improvements.

Nemesida AI MLA:

• Fixed an error that occurs in some cases when processing requests using the API Firewall.

Changes related to processing GeoIP data.

Dynamic module:

• Improved the mechanism for determining the country by IP address;
• Added support for Nginx 1.25.0 Mainline and Nginx Plus R29;
• Removed the option nwaf_geoip_db_path. The connected GeoIP database is no longer used, instead the information is provided by the Nemesida AI MLA module.

Nemesida AI MLA:

• Changes related to processing GeoIP data.

Fixed a bug that prevented the use of the localhost value as the virtual host name when configuring the filtering node and Nemesida AI MLC.

• Fixed incorrect display of behavioral model status indicators;
• Fixed incorrect display of non-latin domains when generating reports in PDF format;
• Added support for the parameters «Deactivation of request analysis for compliance with the RFC for URL», «Activation of the monitoring mode of request analysis in case of non-compliance with the RFC for URL» and «Deactivation of the analysis by the signature method of the binary content of the BODY zone, as well as sending the contents of the zone to the Nemesida AI MLA and Nemesida AI MLC modules»;
• The functionality of drawing up request blocking rules (ERL) has been improved;
• Other fixes and improvements.

Dynamic module:

• Improved stability of interaction with RabbitMQ;
• Improved the principle of operation of the options: nwaf_body_exclude, nwaf_url_wl, nwaf_rfc_violation_wl, nwaf_rfc_violation_lm, nwaf_openapi_url_lm, nwaf_openapi_url_wl;
• Added support for the options nwaf_body_bin_exclude;
• Added the parameter nwaf_mla_mgmt, which sets the host and port for managing the Nginx web server using Nemesida AI MLA.

Minor changes related to the processing of the training sample.

• Added the ability to manage scanning settings for the Nemesida WAF Scanner component;
• The validation functionality has been improved for options: nwaf_body_exclude, nwaf_url_wl, nwaf_rfc_violation_wl, nwaf_rfc_violation_lm, nwaf_openapi_url_lm, nwaf_openapi_url_wl;
• Added support for the options nwaf_body_bin_exclude;
• Corrections related to copying the behavioral model.

• New version of the scanner;
• Added the option to exclude modules when scanning a web application;
• Added the ability to manage scan settings using the Nemesida WAF API;
• Added functionality for sending component operation events to the Nemesida WAF API;
• Other fixes and improvements.

Nemesida AI MLA:

• Corrections related to the processing of the OpenAPI specification;
• Other fixes and improvements.

Minor fixes and improvements.

• Improved validation of the OpenAPI specification when it is loaded;
• Other fixes and improvements.

Dynamic module:

• Processing of the boundary field for requests with Content-Type: multipart/form-data is in compliance with the RFC;
• Added parameters for processing in passive mode for URL (nwaf_rfc_violation_lm) and adding a URL to the white list (nwaf_rfc_violation_wl) to disable blocking requests with RFC violation.

Nemesida AI MLA:

• Minor fixes related to processing multipart/form-data.

Minor fixes related to processing multipart/form-data.

• Added support for the nwaf_rfc_violation_wl and nwaf_rfc_violation_lm parameters;
• Fixed the display of the list of wildcard values of available models.

• The functionality of activating two-factor authentication has been improved;
• Fixes related to copying behaviors for non-latin virtual hosts;
• Fixed a problem when loading the OpenAPI specification;
• Optimized the functionality of generating reports in PDF format;
• Other fixes and improvements.

Dynamic module:

• Added support for Nginx 1.24.0 Stable;
• Other fixes and improvements.

Nemesida AI MLA:

• Fixes related to checking the limits of the number of virtual hosts when applying the behavioral model.

Fixes related to checking the limits of the number of virtual hosts when creating a behavioral model.

• Fixes related to checking limits on the number of virtual hosts when creating a behavioral model;
• Fixes related to copying behaviors for non-latin virtual hosts;
• Added functionality to clear the entire list of temporarily blocked addresses.

Dynamic module:

• Added support for Nginx 1.23.4 Mainline;
• Fixed an error related to determining the IP address of the server on which the component is installed.

Nemesida AI MLA:

• Fixes related to the operation of the module under high loads.

Fixed incorrect format of output of some events to the log.

Fixes related to updating GeoIP data.

• Added functionality for sending component operation events to the Nemesida WAF API;
• Minor fixes and improvements.

Nemesida AI MLA:

• Added functionality for getting Nginx web server settings from Nemesida WAF API;
• Added functionality for sending component operation events to the Nemesida WAF API.

Dynamic module:

• Improved analysis of UTF-16 encoded data;
• Added functionality for sending component operation events to the Nemesida WAF API;
• Other fixes and improvements.

• Added support for centralized reception, storage and processing of events from Nemesida WAF components;
• Added functionality for displaying information about attacks and statistics on them;
• Updated the functionality of interaction with the GeoIP server;
• The event log storage directory has been changed (/var/log/uwsgi/nw-api/*.log);
• Other fixes and improvements.

• Fixes related to validation of nwaf_host_wl parameter values;
• Cumulative package of fixes and improvements.

Fixes related to training sample handling in Ubuntu 20.04.

• Added functionality to manage Nginx settings;
• Cumulative package of fixes and improvements.

Fixed an error that occurs on some distributions when processing an SQLite file with a training sample.

Nemesida AI MLA:
Improvements related to multipart/form-data request body processing.

Improvements related to multipart/form-data request body processing.

Fixes related to the handling of non-public IP addresses and non-Latin domain names.

Fixed bugs in the Recheck functionality.

• Improved “Blocked IPs” section;
• Other fixes and improvements.

Nemesida WAF dynamic module:

• Improved stability if license key cannot be validated.

Nemesida AI MLA:

• Important fixes related to machine learning module request processing;
• Other fixes and improvements.

Nemesida AI MLA:

• Important fixes related to machine learning module request processing;
• Other fixes and improvements.

Nemesida AI MLA:
Improvements related to request processing by the machine learning module.

Improvements related to request processing by the machine learning module.

• Fixes related to request processing when building a schema using the OpenAPI specification;
• Improvements related to the processing of certain types of requests;
• Other fixes and improvements.

Nemesida WAF dynamic module:

• Some fixes and improvements.

Nemesida AI MLA:

• Fixes related to request processing when building a schema using the OpenAPI specification;
• Other fixes and improvements.