Nemesida WAF Free is the free version of Nemesida WAF. It provides basic web application protection against OWASP-class attacks using the signature method. Nemesida WAF Free has its own signature database, detects attacks on web applications with a minimal number of false positives, is updated from a Linux repository, can be installed and configured in a few minutes, does not require compilation, and can be connected to an already installed NGINX of version 1.12.2 or higher.

And here is what can happen if you do not take care of security and do not use a WAF

Some time ago we announced Nemesida WAF Free support for the NGINX Mainline and Plus versions (before that, only the Stable branch was supported). We decided not to stop there and added to the Free version the ability to send detected attacks to the personal cabinet.

What the new (for the Free version) function allows:

to visualise attacks in the personal cabinet, search by parameters, and generate reports in PDF;

to send attacks by email;

to get information about the content of the blocked request;

to get information about the attack source by its IP address (using ip.pentestit.ru);

to integrate Nemesida WAF Free with SIEM and third-party event analysis and visualisation systems (attacks are transmitted via the API and then stored in a database for further processing using PostgreSQL).

Nemesida WAF Free distinctive features:

minimal hardware resource requirements;

minimal increase in response time during the request processing;

installation and updates from the repository;

can be connected to an already installed NGINX;

installation and configuration in a few minutes;

ease of maintenance.

High load

Under high traffic load (~500 RPS), Nemesida WAF Free puts almost no load on the processor and does not waste memory:

Traffic statistics

Nemesida WAF Cabinet can display traffic statistics and the response time of the end web application. To enable this, connect the VTS dynamic module to NGINX. Once the necessary parameters are configured, the statistics will be available in Cabinet.

Event search

The search bar in Cabinet accepts different values, for example an attack entry, the source IP, the attack type, etc.:

Types of the blocked attacks

Injection (RCE, SQLi, XXE, OS command, etc.);

XSS;

Information Leakage;

Path Traversal;

Open Redirect;

Web Shell;

HTTP Response Splitting;

RFI/LFI;

Server-Side Request Forgery.

Signature information

The current signature set is available at rlinfo.nemesida-security.com. In addition, every request blocked by the signature method has a RuleID; clicking it displays the signature content, which can be used to create an exclusion rule if necessary:

In addition

In Nemesida WAF Free it is possible to create your own signatures and exclusion rules, to switch the WAF off or switch it to LM mode (an IDS analogue) for one or all virtual hosts, and to apply these options by request source IP address.

Installation and configuration:

Despite the lack of the machine learning module and auxiliary components (vulnerability scanner, virtual patching, etc.) in the Free version, Nemesida WAF Free is a "light" but effective tool against non-targeted web application attacks. All Nemesida WAF Free components are available for the Debian, Ubuntu and CentOS distributions.