Nemesida WAF Updates 2021 | Nemesida WAF

Minor changes and improvements.

Minor changes and improvements.

• Added support for Nginx 1.21.3 Mainline;
• Other fixes and improvements.

• Sending events with BT 7/8/9/10 to the Nemesida WAF API module is performed by the Nemesida AI MLC module;
• Added automatic extension of training time when there has no traffic;
• Cumulative package of updates and fixes.

• Added functional of normalizing the contents of the mz field;
• Minor changes in the database structure.

Minor changes and improvements.

Reduced memory consumption.

Minor changes when processing incoming events.

• Added functionality for detecting potential attacks;
• Improved detection mechanism for brute-force attacks and DDoS attacks.

• Added support for advanced rules for blocking requests (by country, IP-address, domain, URL, headers, etc.);
• Added the ability to connect the GeoLite2 base to obtain information about the alleged geographic location of the attacker based on the IP address;
• Other fixes and improvements.

• Added filters:
  • Possible – displaying information about all attacks, the type of which has not been reliably established;
  • URL – displaying information about attacks with the specified content in the URL field. Example: url:index.php;
• Added EMAIL_DETAILS parameter to send more detailed information about attacks by email;
• Other fixes and improvements.

• Added caching for the Summary page;
• Added support for the OR operator in the search bar (e.g. h:example.com or ip:1.2.3.4);
• Optimized loading of events when scrolling the page;
• Added processing and output of BT 9 events;
• Improved the design of the Scanner page;
• Other fixes and improvements.

• Improved display of events;
• Other minor improvements and fixes.

Minor improvements.

• Changed the format of requests received from the Nemesida WAF dynamic module;
• Improved the mechanism for detecting brute force and DDoS attacks;
• Other fixes and improvements.

• Reduced RAM consumption;
• Added the possibility to reload the configuration/restart Nginx using the Nemesida WAF Management API;
• Changed the processing of the combination of the HEADERS zone with the User-Agent, Cookie, Referer zones in rules and exceptions;
• Changed the format of requests sent to Nemesida AI MLA/MLC modules;
• Changed the format of the packet sent to the Nemesida WAF API module;
• Other fixes and improvements.

• Fixes related to handling events that have BT 8;
• The mz field has been added to the scan_report table.

• Added remote code execution (RCE) vulnerability check;
• Fixed false positives when checking XSS;
• Added check in Headers, User-Agent, Referer, URL zone;
• Added the Cookie check (checks for the HttpOnly and Secure flags);
• Added processing of multipart boundary in the Body zone;
• Other fixes and improvements.

Added support for Nginx 1.21.1 Mainline.

• Updated the list of filters:
  • Added theheaders filter, designed to search for events by the content of request headers;
  • uri filter renamed to url;
  • Removed body filter.
• The number of events displayed on the page has been increased, the information content has been increased;
• Other fixes and improvements.

• Optimized processing of events having BT 7/8/10;
• Minor fixes and improvements.

For correctly work of the Nemesida WAF API module in Ubuntu 16.04, you need to update the PostgreSQL DBMS to version 9.6 or higher.

Improved the speed of processing requests when detecting brute-force attacks and DDoS attacks.

The order of migration has been changed.

• Added the LM parameter to set the blocking rules to the LM mode;
• Added the nwaf_ban_captcha_url parameter to extend the capabilities of the captcha function;
• Other fixes and improvements.

Cumulative package of fixes and improvements.

• Expanded display of information about the IP-address;
• Fixed the h and t filters on the Scannerpage;
• Added grouping of requests with BT 1 and BT 2 having the same Request ID;
• Other fixes and improvements.

Updates required for the operation of the Nemesida WAF Cabinet module.

The update required to work with the current version of the database.

Added support for NGINX Plus Release 24 (R24), Nginx 1.20.1 Stable and 1.21.0 Mainline.

• Improved display of events on the main page;
• Improved API operation mechanism;
• Other minor improvements and fixes.

Improved mechanism operation of the LM.

Fixed the error that occurs when initializing the attack table of the waf database for the first time.

• Improved API performance;
• Other minor improvements and fixes.

• Fixed the problem of accumulating events within a time window when detecting brute-force attacks;
• Added functionality for detecting DDoS attacks (BT 10);
• Other fixes and improvements.

• Added support for Nginx 1.20.0 Stable and 1.19.10 Mainline;
• Renamed nwaf_bf_ban_captcha_host option to nwaf_ban_captcha_host as it is now also used to unblock requests identified by Nemesida AI MLC as BT 10;
• Renamed nwaf_bf_ban_captcha_path option to nwaf_ban_captcha_path as it is now also used to unblock requests identified by Nemesida AI MLC as BT 10;
• Added nwaf_ddos_detect_host_lm option to enable LM mode on individual virtual hosts for requests defined by Nemesida AI MLC as BT 10;
• Added sending messages like BT 10 (DDoS attacks) to Nemesida WAF API.

• Added support for requests identified as DDoS attacks.

• Merged Attacks, Brute-force and Internal error pages;
• Added support for requests identified as DDoS attacks;
• Improved filters;
• Other fixes and improvements.

• Improved signature analysis engine.

• Fixed an issue that occurred when training multiple virtual hosts at the same time.

• The problem of duplicate records in MTP mode is fixed.

• Cumulative package of updates and fixes that increase the speed of the module, usability and information content.

• Added support for Nginx 1.19.9 Mainline;
• Fixes and improvements for Nemesida AI MLA modules and Nemesida WAF dynamic module.

• Improved mechanism for eliminating duplicate records when using Nemesida AI MLC in MTP mode.

• Cumulative package of fixes and improvements.

• Fixed incorrect display of WAF ID during export;
• Removed False Negative page.

• Added support for Nginx 1.19.8 Mainline.

• Improved interaction with the Nemesida AI MLA module;
• Added multiple message sending to Nemesida WAF API;
• Minor changes when interacting with Nemesida AI MLC;
• Minor changes in Nemesida AI MLA;
• Other fixes and improvements.

• Changing the format of transmitted messages to the dynamic module Nemesida WAF;
• Outputting information about WAF ID to a log file;
• Other minor changes.

• Fixed the problem of duplicating records saved in the database when using Nemesida AI MLC in MTP mode;
• Expanded output of events to the log file;
• Other improvements.

• The add_banned_ip parameter has been added to the Nemesida WAF Management API, which allows you to include IP addresses in the list of temporarily blocked for block_time in the nwaf_limit parameter;
• Improved interaction with the Nemesida WAF API module;
• Added the ability to log messages to a separate file in the Nemesida WAF Management API management interface;
• Added the ability to use the NoAPI and LM options when creating personal signatures;
• Added support for Nginx 1.19.7 Mainline;
• Improved stability of the Nemesida AI MLA module;
• Other fixes and improvements.

• The mechanism for applying exported requests from Nemesida WAF Signtest has been updated;
• Added the [training] section to the mlc.conf file to manage the training process;
• Other minor improvements.

• The problem with incorrect updating of the mlc.conf file after training has been fixed;
• Other minor improvements.

• Fixed a problem when receiving many messages from the dynamic module Nemesida WAF and Nemesida WAF Scanner.

• Added Summary page with total summary information about blocked attacks;
• It changed the mechanism to display an indicator of behavioral models;
• Optimized module operation with a large number of events;
• Improved search engine;
• Added filter for Rule ID and zone BODY;
• Other minor changes.

• Cumulative package of fixes and improvements for the Nemesida AI MLA module.

• Cumulative package of fixes and improvements.

• Added functional for using captcha (parameters nwaf_bf_ban_captcha_host and nwaf_bf_ban_captcha_path in nwaf.conf) to unblock the IP-address that received BT 7 (brute force attack);
• Added functional for Base64 decoding of the request content by the Nemesida AI MLA module (section [deep_inspection] in mla.conf);
• Other minor changes.

• Added functional for Base64 decoding of the request content by the Nemesida AI MLC module (section [deep_inspection] in mlc.conf);
• Optimized module operation under heavy loads;
• Implemented the functional of saving the training sample for further training;
• Other minor changes.

• Cumulative update package that includes fixes related to receiving events from Nemesida WAF Scanner.

• Improved stability of the module;
• Improved mechanism for detecting anomalies;
• Optimized module operation under heavy loads;
• Multiple fixes and improvements.

• Improved processing of requests coming from the Nemesida AI MLC module;
• Changed the format of messages sent to the Nemesida WAF API;
• Improved mechanism for detecting anomalies by the Nemesida AI MLA module, improved stability of operation;
• Other minor changes.

• Cumulative update package.