A list of updates of Nemesida WAF modules for 2025 information about installing, updating and diagnosing the software is available in the manual.
24.03.2025
- Added functionality for advanced settings for detecting brute-force and flood attacks;
- Other fixes and improvements
18.03.2025
- Added the option to send a message about closing a Websocket connection specifying the request ID, source IP address, and block type based on the returned headers using the values of the variables
$request_id
,$remote_addr
, and$nwaf_block_type
; - Improved algorithm for detecting and blocking attacks when analyzed by the machine learning module and antivirus software for Websocket connections;
- Added support for regular expressions to the advanced URL blocking rules;
- Other fixes and improvements.
Nemesida AI MLA:
- Fixes related to the transfer of functionality to interact with the new Nemesida WAF API URLs.
13.03.2025
- Added the functionality necessary for the Nemesida AI MLC component to work in distributed mode;
- Added the URL
/nw-api/get_attack_vhost_stats
to get advanced attack statistics; - For the URL
/nw-api/get_attack
, the field namesignatureType
(type of detected attack) has been replaced withdescription
; - Added regular expression support for advanced blocking rules (ERL v2);
- Corrections related to the output of information about the extended blocking rules (ERL v2) have been made;
- Other fixes and improvements.
- Added support a distributed mode operation;
- Other fixes and improvements.
Before updating the component, you must update the Nemesida WAF API component.
05.03.2025
brute__bf_detect
value when accessing the URL /nw-api/v2/get_mlc_settings
to get information about the component settings.
- Fixes related to the exclusion of duplicate records of certain types of events when sending to Nemesida WAF API;
- Cumulative package of fixes and improvements related, among other things, to the detection of
Brute-force
/Flood
/DDoS
/Web scraping
events.
23.02.2025
- Added support for antivirus software analysis for data sent over an established Websocket connection;
- Added fields
no_ua
(no headerUser-Agent
),no_referer
(no headerReferer
) to create extended blocking rules (ERL); - Added functionality that allows you to record all requests received by the filtering node;
- Other fixes and improvements.
Nemesida AI MLA:
- Improvements related to determining the country by IP address;
- Corrections related to the processing of the request body.
20.02.2025
- Fixes related to generating settings for the dynamic module;
- Fixes related to copying behavioral models;
- Added support for checking the absence of User-Agent (
no_ua
) and Referrer (no_referer
) headers when creating an extended blocking rule (ERL); - Other fixes and improvements.
After updating the component, it is recommended to restart the Nemesida AI MLA component on the filtering node:
# systemctl restart mla_main
17.02.2025
14.02.2025
- Improvements related to determining the country by IP address;
- Fixes related to the processing of the request body.
- Using the
FastAPI
framework instead ofFlask
; - Added support for the nwaf_log_request option to register all requests (including unblocked ones) processed by the filtering node;
- The log file storage directory has been changed from
/var/log/uwsgi/nw-api
to/var/log/nw-api
; - Added the
WORKERS
parameter to the configuration file that regulates the number of parallel processes; - Other fixes and improvements.
After updating the component, make sure that the new proxy_pass method is set in the virtual host file /etc/nginx/conf.d/nwaf-api.conf
http://127.0.0.1:8088 instead of uwsgi_pass unix:/var/www/nw-api/nw-api.sock
.
If the old proxying method is set, change the virtual host file to the following format yourself from /etc/nginx/conf.d/nwaf-api.conf.disabled
files.
To correctly display IP addresses in the component’s log, add include proxy_params
to the /nw-api/
section.
06.02.2025
- Added support for
Nginx 1.26.3 Stable
andNginx 1.27.4 Mainline
.
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AF1A0FD3216F3F05
In order to avoid errors when updating packages, it is necessary to update the digital signature for distributions.:
1. Import the key:
# curl -s https://nemesida-security.com/repo/nw/gpg.key | gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/trusted.gpg --import
2. Update the package information:
# apt update
When updating a digital signature for RHEL-based distributions, the key must be imported during the update of package information, when the corresponding prompt is displayed.
Example:
# dnf update ... Nemesida WAF Packages for RHEL 63 kB/s | 5.0 kB 00:00 GPG key at https://nemesida-security.com/repo/nw/gpg.key (0x1929CEB1) is already installed Importing GPG key 0x216F3F05: Userid : "nemesida-waf.com (Pentestit LLC)" Fingerprint: 24F7 AFDC 3535 C76F 7A7E F4F1 AF1A 0FD3 216F 3F05 From : https://nemesida-security.com/repo/nw/gpg.key Is this ok [y/N]: y ...
31.01.2025
According to RFC when transmitting data over the
Websocket
protocol, by default supports 2 types of compression: without compression andpermessage-deflate
. If you need to add a new data compression method for the correct operation of the application, please inform the technical support service to implement the functionality.
- Added support for analyzing requests sent over an established
Websocket
connection; - Added functionality for monitoring the operation of the component;
- Improved the mechanism of interaction with antivirus software;
- Other fixes and improvements.
Nemesida AI MLA:
- Added support for analyzing requests sent over an established
Websocket
connection; - Added functionality for monitoring the operation of the component.
- Added support for request analysis using the
Websocket
protocol; - Added functionality for monitoring the operation of the component;
- Minor improvements.
29.01.2025
- Fixes related to date processing;
- Added support for the
nwaf_ws_proxy_pass
option for management of the web server virtual host settings.
21.01.2025
- Added the
request_type
field when receiving information about attacks; - Added functionality for monitoring the operation of components;
- Fixed an error that occurs when rotating log files;
- Other fixes and improvements.