Nemesida WAF Free - a free version that provides basic protection of a web application against attacks
Last year we released the first release of Nemesida WAF, built on the basis of machine learning. We tried several options and settled on the Random Forest learning algorithm. The main advantages of machine learning in comparison with the signature analysis are increased accuracy of attack detection, as well as a decrease in the number of false positives. On the other hand, the use of a machine learning module requires additional hardware resources. To provide basic web application protection with minimal hardware resources, we released Nemesida WAF Free, a free version of Nemesida WAF that detects attacks based on their signatures.
Nemesida WAF is a dynamic module for Nginx stable versions starting from 1.12, available for popular Linux distributions (tested on Debian, Ubuntu and CentOS platforms).
When creating signatures, we use various sources, as well as the result of the work of the Nemesida AI module. Minimizing the number of false positives in Nemesida WAF Free is achieved by:
- highlighting areas of application of the rules;
- the use of maximum permissible digital indicators of signatures;
- use chains of rules.
These mechanisms allow you to create a quality database of signatures, in which the number of false positives will be minimal. In addition, it is possible to apply exclusion rules, the creation of which is recommended to maximize the area of occurrence of a false positive.
Types of detected attacks:
- Injection (RCE, SQLi);
- RFI \ LFI;
- Path Traversal;
- Unwanted access (access to source code, archives, configuration files and backups).
The list of possibilities:
- identification of attacks by the signature method;
- automatic blocking of an attacker by IP address;
- analysis of requests by means of anti-virus software;
- the ability to work in IDS mode;
- display information about the attacks in the log file;
- minimum hardware requirements.
The main limitation of the free version is the use of the Nemesida AI machine-learning module, which allows more accurately and with a minimum number of false positives to detect attacks on web applications (the Nemesida AI module, including, is able to detect zero-day attacks). The free version of the machine learning module is not involved.
If you want to provide basic protection for a web application, Nemesida WAF Free will be an excellent solution - easy to install and maintain, without high requirements for hardware resources. The installation process for Nemesida WAF Free is described in the documentation.. For testing a trial version, use a virtual machine disk for KVM / VMware / Virtualbox with Nemesida WAF already installed .