Question on configuring?

killmasta93

Hi, currently I'm testing out the free WAF by downloading the VM image on VMware,
but I'm confused about configuring it.
Currently I have a test VM with nginx, IP 192.168.7.35

And my WAF VM has IP 192.168.7.130

root@nemesida-waf:~# cat /etc/nginx/conf.d/waf.conf
server {
    listen 80;
    index index.html;
    root /var/www/html;

    ## Custom pages
    include snippets/custom_pages.conf;

    ## Upstream
    location / {
        proxy_pass http://192.168.7.35;
        include proxy_params;
    }
}

I check the web console of the WAF but I don't see any traffic. Not sure what else I need to configure?
Thank you
 

Hello,

Try to send a request to http://192.168.7.130/nwaftest. Will it block?
 
Thank you for the reply. Correct, it seems to block.

I have a few questions:
1) In the free version, is the attack message always set as example.com?
2) I currently have a few sites that already have SSL on them. Would I put them behind a reverse proxy on Nemesida WAF? But I guess it would need TLS passthrough.
3) Does the free version cover the OWASP Top 10?
I see that it has automatic blocking of an attacker by IP address, but it does not have ClamAV nor protection from brute force?
 
1. Yes, the vhost is set to example.com for the CE version.
2. The server with Nginx with installed Nemesida WAF must determine the SSL-traffic (so that the WAF can process it).
3. The free version has only signature analysis. We can say that this is the basic OWASP Top 10 threat protection. Integration with antivirus, DDoS L7/Brute/Flood/Fraud protection and the use of machine learning (which allows detection of various bypass techniques, e.g. cat+/et?/pa??wd etc.) are only available in the commercial version.
 
Hello! Could you explain one thing, please? Can I use Nemesida WAF free for a few sites? How should I do that?
 
Hello,

The number of web applications protected using Nemesida WAF Community Edition is unlimited.

To configure the protection of several web applications, it is enough to redirect traffic to Nemesida WAF for analysis (for example, in reverse proxy mode), which after analysis will send a request to the web application or block it.

However, it is worth remembering the restrictions of the Nemesida WAF Community Edition.
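
The reverse-proxy setup discussed in this thread, extended to two sites that already use SSL, as an added example that is not part of the original posts or of Nemesida's documentation. The hostnames, the second backend address and the certificate paths are constructed placeholders; TLS is assumed to end on the WAF host, and the WAF module is assumed to be loaded already, as in the VM image.

```nginx
# /etc/nginx/conf.d/waf.conf on the WAF host (192.168.7.130 in this thread).
# Hostnames, the second backend IP and certificate paths are constructed placeholders.

# Plain HTTP for both sites is redirected to HTTPS on the WAF host.
server {
    listen 80;
    server_name site-a.example site-b.example;
    return 301 https://$host$request_uri;
}

# Site A: TLS ends here, so nginx and the WAF module see the decrypted request.
server {
    listen 443 ssl;
    server_name site-a.example;

    ssl_certificate     /etc/nginx/ssl/site-a.example.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/site-a.example.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    ## Custom pages (block page shipped with the VM image)
    include snippets/custom_pages.conf;

    ## Upstream
    location / {
        proxy_pass http://192.168.7.35;   # backend from the first post
        include proxy_params;             # passes Host and client IP headers
    }
}

# Site B: same pattern, its own certificate and backend.
server {
    listen 443 ssl;
    server_name site-b.example;

    ssl_certificate     /etc/nginx/ssl/site-b.example.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/site-b.example.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    include snippets/custom_pages.conf;

    location / {
        proxy_pass http://192.168.7.36;   # constructed second backend
        include proxy_params;
    }
}
```

Check the file with `nginx -t` before reloading, and restrict each backend to accept connections only from the WAF address so requests cannot reach it without being analyzed.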
 