WAF node version 2.16 is now available! Learn about what is new and upgrade installed modules.

Wallarm Documentation Home

Request a demo Demo

Initializing search

WAF guides
FAQ

WAF guides
WAF guides

Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
- Home
- What is New
- About Wallarm WAF
  About Wallarm WAF
  
  Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
- Quick Start
  Quick Start
  
  Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
  - Prerequisites
  - Installation
    Installation
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Creating the Wallarm Account
    
    Install the Filter Node (NGINX)
  - Configure Traffic Proxying
  - Check the Filter Node Operation
- Administrator Guide
  Administrator Guide
  
  Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
  - Introduction
  - Installation
    Installation
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Supported Platforms
    
    NGINX
    NGINX
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Installation Options Overview
    
    Installing as a Dynamic Module for NGINX stable
    
    Installing as a Dynamic Module for NGINX from Debian/CentOS Repositories
    
    Installing as a Dynamic Module for NGINX Plus
    
    Running Docker NGINX‑based image
    
    Kubernetes
    Kubernetes
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Installing NGINX Ingress Controller with Integrated Wallarm Services
    
    Installing Wallarm Sidecar Container
    Installing Wallarm Sidecar Container
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    How It Works
    
    Kubernetes Deployment Based on Helm Charts
    
    Kubernetes Deployment Based on Manifests
    
    Cloud Platforms
    Cloud Platforms
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Installation Options Overview
    
    Installing on Amazon AWS
    Installing on Amazon AWS
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Creating and Configuring the Wallarm Filter Node Instance
    
    Creating an Amazon Machine Image
    
    Deploying WAF Node Using Terraform
    Deploying WAF Node Using Terraform
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Introduction
    
    Quick Start with Provided Example
    
    Description of Example Terraform Code
    
    Setting Up Filter Node Auto Scaling
    Setting Up Filter Node Auto Scaling
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Overview
    
    Setting Up Filter Node Auto Scaling
    
    Setting Up Incoming Request Balancing
    
    Installing on the Google Cloud Platform
    Installing on the Google Cloud Platform
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Creating and Configuring the Wallarm Filter Node Instance
    
    Creating an Image with the Wallarm Filter Node
    
    Setting Up Filter Node Auto Scaling
    Setting Up Filter Node Auto Scaling
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Overview
    
    Creating a Filter Node Instance Template
    
    Creating a Managed Instance Group with Enabled Auto Scaling
    
    Setting up Incoming Request Balancing
    
    Installing on Yandex.Cloud
    
    Installing on the Kong Platform
    
    Running Docker Envoy‑based image
    
    Separate Postanalytics Installation
    
    Checking the Filter Node Operation
  - Configuration
    Configuration
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Configuration Options (NGINX)
    
    Configuration options for the Envoy‑based WAF node
    
    Filtering Mode Configuration
    
    Blocking by IP Address
    Blocking by IP Address
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Methods of Blocking by IP Address
    
    Blocking with iptables
    
    Blocking with NGINX
    
    Configuration of the Statistics Service
    
    Fine‑tuning of Wallarm Ingress Controller
    Fine‑tuning of Wallarm Ingress Controller
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Configuration Parameters
    
    Best Practices in Wallarm Ingress Controller Configuration
    Best Practices in Wallarm Ingress Controller Configuration
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Proper Reporting of End‑user Public IP Address
    
    Management of IP Addresses Blocking
    
    Configuration of IP Whitelisting for Wallarm Scanner
    
    High Availability Considerations
    
    Ingress Controller Monitoring
    
    Allocating Resources for WAF Node
    
    Analyzing Mirrored Traffic with NGINX
    
    Configuration of Filter Node for Separated Customer Environments
    Configuration of Filter Node for Separated Customer Environments
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    How WAF Filter Node Works in Separated Environments
    
    Recommendations on Configuring the Filter Node for Separated Environments
    
    Blocking Part of a Website
    
    Access to Wallarm API via Proxy
    
    Settings for Using a Balancer or Proxy
    
    Masking Sensitive Data
    
    Filter Node and Cloud Synchronization Configuration
    
    Working with Filter Node Logs
    
    Using Single Sign‑On (SSO)
    Using Single Sign‑On (SSO)
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Introduction
    
    Connecting SSO with G Suite
    Connecting SSO with G Suite
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Overview
    
    Step 1: Generating Parameters on the Wallarm Side
    
    Step 2: Creating and Configuring an Application in G Suite
    
    Step 3: Transferring G Suite Metadata to the Wallarm Setup Wizard
    
    Step 4: Allowing Access to the Wallarm Application on the G Suite Side
    
    Connecting SSO with Okta
    Connecting SSO with Okta
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Overview
    
    Step 1: Generating Parameters on the Wallarm Side
    
    Step 2: Creating and Configuring an Application in Okta
    
    Step 3: Transferring Okta Metadata to the Wallarm Setup Wizard
    
    Step 4: Allowing Access to the Wallarm Application on the Okta Side
    
    Configuring SSO Authentication for Users
    
    Changing the Configured SSO Authentication
  - Integration
    Integration
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Configuring a Failover Method
    
    Using a Mirrored Wallarm Repository
    Using a Mirrored Wallarm Repository
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    How to Mirror the Wallarm Repository for CentOS
    
    How to Install Wallarm Packages from the Local JFrog Artifactory Repository for CentOS
    
    Monitoring the Filter Node
    Monitoring the Filter Node
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Introduction
    
    How to Fetch Metrics
    
    Available Metrics
    
    Examples of Exporting and Working with Metrics
    Examples of Exporting and Working with Metrics
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Grafana
    Grafana
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Exporting Metrics to InfluxDB via the `collectd` Network Plugin
    
    Exporting Metrics to Graphite via the `collectd` Write Plugin
    
    Working with the Filter Node Metrics in Grafana
    
    Nagios
    Nagios
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Exporting Metrics to Nagios via the `collectd-nagios` Utility
    
    Working with the Filter Node Metrics in Nagios
    
    Zabbix
    Zabbix
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Exporting Metrics to Zabbix via the `collectd‑nagios` Utility
    
    Working with the Filter Node in Zabbix
  - Operations
    Operations
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Configuring SELinux
    
    Wallarm User Acceptance Testing Checklist
    
    Learning the amount of requests per month handled by the application
  - Wallarm API
  - Support of the Scanner Operation
    Support of the Scanner Operation
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Disabling the IP Address Blocking of the Wallarm Scanner
    
    Scanner Addresses
    Scanner Addresses
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Scanner Addresses for EU Cloud
    
    Scanner Addresses for US Cloud
    
    Contacting Wallarm Support to Stop the Resource Scanner
- User Guide
  User Guide
  
  Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
  - Introduction
  - Dashboards
    Dashboards
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Overview
    
    WAF Dashboard
    
    Scanner Dashboard
  - Events
    Events
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Checking Events
    
    Analyzing Attacks
    
    Working with False Attacks
    
    Verifying Attacks
  - Vulnerabilities
    Vulnerabilities
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Checking Vulnerabilities
    
    Analyzing Vulnerabilities
    
    Closing and Opening Vulnerabilities
    
    Rechecking Vulnerabilities
    
    Working with False Vulnerabilities
  - Search and Filters
    Search and Filters
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Using Search
    
    Using Filters
    
    Creating a Custom Report
  - Scanner
    Scanner
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Scanner Overview
    
    Working with the Scope
    
    Reserved Domains
    
    Scanner Settings
    Scanner Settings
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Overview
    
    Configuring Scanner Modules
  - Nodes
    Nodes
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    WAF nodes overview
    
    Regular WAF nodes
    
    Cloud WAF nodes
  - Rules
    Rules
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Application Profile Rules
    
    Inspecting Application Profile Rules
    
    Adding Rules in the Application Profile
    
    Compilation and Update Of Security Rules
    
    Analyzing Requests
    
    Filter Mode Rule
    
    Rules for Data Masking
    
    Rules defining attack counters
    
    Virtual Patching
    
    User‑Defined Detection Rules
  - Triggers
    Triggers
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Working with triggers
    
    Trigger examples
  - IP Address Blacklist
  - Settings
    Settings
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Profile
    
    General
    
    Subscriptions
    
    Applications
    
    Markers
    
    Users
    
    Activity Log
    
    Integrations
    Integrations
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Integrations Overview
    
    Email Report
    
    Slack
    
    Telegram
    
    OpsGenie
    
    InsightConnect
    
    PagerDuty
    
    Splunk
    
    Sumo Logic
    
    Webhook
    Webhook
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Overview
    
    Examples
    Examples
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    IBM QRadar via Fluentd
    
    IBM QRadar via Logstash
    
    Splunk Enterprise via Fluentd
    
    Splunk Enterprise via Logstash
    
    Micro Focus ArcSight Logger via Fluentd
    
    Micro Focus ArcSight Logger via Logstash
  - Using single sign‑on to Wallarm portal
- Working with the Partner WAF Node
  Working with the Partner WAF Node
  
  Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
- Updating and Migrating
  Updating and Migrating
  
  Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
  - WAF node versioning policy
  - Recommendations for a safe WAF node update process
  - WAF node update instructions
    WAF node update instructions
    
    Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
    
    Updating Linux WAF packages
    
    Updating the separately installed postanalytics module
    
    Updating Docker
    
    Updating NGINX Ingress controller with integrated Wallarm WAF
    
    Updating the cloud WAF node image
- Appendix
  Appendix
  
  Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠
  - Glossary
  - Attack and Vulnerability Types
FAQ
FAQ

Version 2.16 Version 2.14 Version 2.12 Version 2.10 ⚠

Home

Wallarm Advanced WAF protects websites, APIs, and microservices from OWASP Top 10, bots, and application abuse with no manual rule configuration and ultra‑low false positives.

Quick start

Deploy your first WAF node with the NGINX module in 20 minutes

About Wallarm WAF

Learn Wallarm WAF features, architecture, and supported platforms

Installation

Select the platform and quickly deploy your first WAF node to existing infrastucture

Configuration

Customize deployed WAF node settings to get the most out of Wallarm WAF for your company

Wallarm API

Learn how to use Wallarm API to extend WAF node functionality

Operating WAF via UI

Track and operate the system security state and WAF node together with your team via the Wallarm Console

Updating and migrating

Learn new WAF node features and keep your modules up-to-date

Attack and vulnerability types

Learn which attacks and vulnerabilities WAF node detects

Wallarm service status:

Terms of services | Privacy policy | Cookie policy | 2020 © Wallarm Inc.