Skip to content

Protect your applications and APIs across any infrastructure. See the product now →

Open wallarm.com

Wallarm Documentation Home

Initializing search

Try for free Try for free

Product guides
Open source: API Firewall
API docs
FAQ
Demo videos

Wallarm Documentation

Product guides
Product guides

Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
- Home
- About Wallarm
  About Wallarm
  
  Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
  - How Wallarm API Security works
  - Detecting attacks
  - Detecting vulnerabilities
  - Discovering API structure
  - Attack and vulnerability types
  - Data management policies
    Data management policies
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Security model of shared responsibility for clients' data
    
    Data retention policy
  - Wallarm subscription plans
  - Wallarm API Security deployment and maintenance best practices
- Quick start
- Administrator Guide
  Administrator Guide
  
  Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
  - Introduction to the administrator guide
  - Installation
    Installation
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Deployment options
    
    NGINX
    NGINX
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    NGINX installation options overview
    
    Installing as a dynamic module for NGINX stable
    
    Installing as a dynamic module for NGINX from Debian/CentOS repositories
    
    Installing as a dynamic module for NGINX Plus
    
    Running Docker NGINX‑based image
    
    Kubernetes
    Kubernetes
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Installing NGINX Ingress Controller with integrated Wallarm services
    
    Chaining of the Wallarm and additional Ingress Controllers in the same Kubernetes cluster
    
    Deploying Wallarm as Kubernetes Sidecar proxy
    Deploying Wallarm as Kubernetes Sidecar proxy
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Deploying Wallarm Sidecar proxy
    
    Customizing Wallarm Sidecar proxy
    
    Supported per-pod's annotation
    
    Cloud platforms
    Cloud platforms
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Amazon AWS
    Amazon AWS
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    AWS Marketplace image deployment
    AWS Marketplace image deployment
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Creating and configuring an AMI with the Wallarm node
    
    Creating an Amazon Machine Image
    
    Setting up filtering node auto scaling
    Setting up filtering node auto scaling
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Overview of the filtering node auto scaling configuration on AWS
    
    Setting up filtering node auto scaling
    
    Setting up incoming request balancing on AWS
    
    Deployment of the Wallarm node Docker image to AWS
    
    Installation of the filtering node from DEB or RPM packages on AWS
    
    Google Cloud Platform
    Google Cloud Platform
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    GCP Marketplace image deployment
    GCP Marketplace image deployment
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Creating and configuring a GCP instance with the Wallarm node
    
    Creating an image with the Wallarm filtering node
    
    Setting up filtering node auto scaling
    Setting up filtering node auto scaling
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Overview of the filtering node auto scaling configuration on GCP
    
    Creating a filtering node instance template on GCP
    
    Creating a managed instance group with enabled auto scaling
    
    Setting up incoming request balancing on GCP
    
    Deployment of the Wallarm node Docker image to GCP
    
    Installation of the filtering node from DEB or RPM packages on GCP
    
    Microsoft Azure
    Microsoft Azure
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Deployment of the Wallarm node Docker image to Azure
    
    Installation of the filtering node from DEB or RPM packages on Azure
    
    Alibaba Cloud
    Alibaba Cloud
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Deployment of the Wallarm node Docker image to Alibaba Cloud
    
    Installation of the filtering node from DEB or RPM packages on Alibaba Cloud
    
    Deployment of the filtering node to the private clouds
    
    Specification of the Wallarm cloud-init script
    
    Deploying Wallarm on AWS using Terraform
    Deploying Wallarm on AWS using Terraform
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Overview
    
    Trying Wallarm Terraform Module with examples
    
    Installing on the Kong platform
    
    Running Docker Envoy‑based image
    
    Separate postanalytics module installation
    
    Checking the filtering node operation
    
    Deploying the multi‑tenant node
    Deploying the multi‑tenant node
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Multitenancy overview
    
    Creating tenant accounts in Wallarm Console
    
    Deploying and configuring multi-tenant node
    
    Deploying Wallarm CDN node
  - Configuration
    Configuration
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Configuration options for the NGINX‑based Wallarm node
    
    Configuration options for the Envoy‑based Wallarm node
    
    Configuration of filtration mode
    
    Configuration of the blocking page and error code
    
    Configuration of the Statistics Service
    
    Configuration of brute force protection
    
    Configuration of BOLA (IDOR) protection
    
    Fine‑tuning of Wallarm Ingress Controller
    Fine‑tuning of Wallarm Ingress Controller
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Configuration Parameters
    
    Best Practices in Wallarm Ingress Controller Configuration
    Best Practices in Wallarm Ingress Controller Configuration
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Proper Reporting of End‑user Public IP Address
    
    High Availability Considerations
    
    Ingress Controller Monitoring
    
    Allocating Resources for Wallarm Node
    
    Filtering mirrored traffic
    Filtering mirrored traffic
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Configuration of mirrored traffic filtration
    
    Example of NGINX configuration for traffic mirroring
    
    Example of Envoy configuration for traffic mirroring
    
    Example of Traefik configuration for traffic mirroring
    
    Example of Istio configuration for traffic mirroring
    
    Configuration of Filter Node for Separated Customer Environments
    Configuration of Filter Node for Separated Customer Environments
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    How Filtering Node Works in Separated Environments
    
    Recommendations on Configuring the Filter Node for Separated Environments
    
    Access to Wallarm API via Proxy
    
    Identifying an original client IP address if using a proxy or load balancer
    
    Filtering node and Wallarm Cloud synchronization configuration
    
    Working with Filter Node Logs
    
    Configuring dynamic DNS resolution in NGINX
    
    Using Single Sign‑On (SSO)
    Using Single Sign‑On (SSO)
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Overview of integration with the SAML SSO solution
    
    Connecting SSO with G Suite
    Connecting SSO with G Suite
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Overview of Steps for Connecting SSO with G Suite
    
    Step 1: Generating Parameters on the Wallarm Side (G Suite)
    
    Step 2: Creating and Configuring an Application in G Suite
    
    Step 3: Transferring G Suite Metadata to the Wallarm Setup Wizard
    
    Step 4: Allowing Access to the Wallarm Application on the G Suite Side
    
    Connecting SSO with Okta
    Connecting SSO with Okta
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Overview of Steps for Connecting SSO with Okta
    
    Step 1: Generating Parameters on the Wallarm Side (Okta)
    
    Step 2: Creating and Configuring an Application in Okta
    
    Step 3: Transferring Okta Metadata to the Wallarm Setup Wizard
    
    Step 4: Allowing Access to the Wallarm Application on the Okta Side
    
    Configuring SSO Authentication for Users
    
    Changing the Configured SSO Authentication
  - Monitoring & Failover
    Monitoring & Failover
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Configuring a Failover Method
    
    Using a Mirrored Wallarm Repository
    Using a Mirrored Wallarm Repository
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    How to Mirror the Wallarm Repository for CentOS
    
    How to Install Wallarm Packages from the Local JFrog Artifactory Repository for CentOS
    
    Monitoring the Filter Node
    Monitoring the Filter Node
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Introduction to the filtering node monitoring
    
    How to Fetch Metrics
    
    Available Metrics
    
    Examples of Exporting and Working with Metrics
    Examples of Exporting and Working with Metrics
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Grafana
    Grafana
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Exporting Metrics to InfluxDB via the `collectd` Network Plugin
    
    Exporting Metrics to Graphite via the `collectd` Write Plugin
    
    Working with the Filter Node Metrics in Grafana
    
    Nagios
    Nagios
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Exporting Metrics to Nagios via the `collectd-nagios` Utility
    
    Working with the Filter Node Metrics in Nagios
    
    Zabbix
    Zabbix
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Exporting Metrics to Zabbix via the `collectd-nagios` Utility
    
    Working with the Filter Node in Zabbix
  - Operations
    Operations
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Configuring SELinux
    
    Wallarm User Acceptance Testing Checklist
    
    Learning the amount of requests per month handled by the application
  - Support of the Scanner Operation
    Support of the Scanner Operation
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Best practices for configuring the Active threat verification feature
    
    Scanner Addresses
    Scanner Addresses
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Scanner Addresses for EU Cloud
    
    Scanner Addresses for US Cloud
    
    Contacting Wallarm Support to Stop the Resource Scanner
- User Guide
  User Guide
  
  Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
  - Introduction to the User Guide
  - Dashboard
  - Events
    Events
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Checking Events
    
    Analyzing Attacks
    
    Working with False Attacks
    
    Verifying Attacks
  - Vulnerabilities
    Vulnerabilities
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Checking Vulnerabilities
    
    Analyzing Vulnerabilities
    
    Closing and Opening Vulnerabilities
    
    Rechecking Vulnerabilities
    
    Working with False Vulnerabilities
  - API Discovery
  - Search and Filters
    Search and Filters
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Using Search and Filters
    
    Creating a Custom Report
  - Scanner
    Scanner
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Scanner Overview
    
    Working with the Scope
    
    Reserved Domains
    
    Scanner Settings
    Scanner Settings
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    General Scanner Settings
    
    Configuring Scanner Modules
  - Nodes
    Nodes
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Wallarm nodes
    
    CDN filtering nodes
  - Rules
    Rules
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Application Profile Rules
    
    Inspecting Application Profile Rules
    
    Adding Rules in the Application Profile
    
    Building and unloading of a custom ruleset
    
    Custom ruleset backup and restore
    
    Analyzing and Parsing Requests
    
    Available rule types
    Available rule types
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Managing request parsers
    
    Setting response headers
    
    Filtration mode rule
    
    Rules for Data Masking
    
    Customizing the module for active threat verification
    
    Virtual Patching
    
    User‑Defined Detection Rules
    
    Ignoring certain attack types
    
    Ignoring attack signs in the binary data
    
    The overlimit_res attack detection fine‑tuning
  - Triggers
    Triggers
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Working with triggers
    
    Trigger examples
  - IP lists
    IP lists
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Types and core logic of IP lists
    
    IP address allowlist
    
    IP address graylist
    
    IP address denylist
  - Settings
    Settings
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Profile
    
    General
    
    Subscriptions
    
    Applications
    
    API Discovery
    
    Integrations
    Integrations
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Integrations Overview
    
    Email Report
    
    Slack
    
    Telegram
    
    Microsoft Teams
    
    InsightConnect
    
    Opsgenie
    
    PagerDuty
    
    Sumo Logic
    
    Splunk
    
    Datadog
    
    Fluentd
    
    Logstash
    
    Webhook
    
    Examples of integrations via intermediate data collectors
    Examples of integrations via intermediate data collectors
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    IBM QRadar via Fluentd
    
    IBM QRadar via Logstash
    
    Splunk Enterprise via Fluentd
    
    Splunk Enterprise via Logstash
    
    Micro Focus ArcSight Logger via Fluentd
    
    Micro Focus ArcSight Logger via Logstash
    
    Datadog via Fluentd/Logstash
    
    Users
    
    Activity Log
  - Using single sign‑on to Wallarm portal
- Upgrading and Migrating
  Upgrading and Migrating
  
  Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
  - What is new in Wallarm node 4.2
  - Filtering node versioning policy
  - Recommendations for a safe node upgrade process
  - Filtering node upgrade instructions
    Filtering node upgrade instructions
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    Upgrading Wallarm NGINX modules
    
    Upgrading the postanalytics module
    
    Upgrading the Wallarm Docker NGINX- or Envoy-based image
    
    Upgrading NGINX Ingress controller with integrated Wallarm modules
    
    Upgrading the cloud node image
    
    Upgrading Wallarm CDN node
  - Upgrading the multi-tenant node
  - Upgrading Wallarm node 2.18 and lower
    Upgrading Wallarm node 2.18 and lower
    
    Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
    
    What is new in Wallarm node (if upgrading node 2.18 or lower)
    
    Upgrading Wallarm NGINX modules 2.18 or lower
    
    Upgrading the postanalytics module 2.18 or lower
    
    Upgrading the Docker NGINX- or Envoy-based image of Wallarm node 2.18 or lower
    
    Upgrading NGINX Ingress controller with integrated Wallarm modules 2.18 or lower
    
    Upgrading the cloud node image 2.18 or lower
    
    Migrating allowlists and denylists from Wallarm node 2.18 and lower to 3.x
- Appendix
  Appendix
  
  Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
  - Glossary
Open source: API Firewall
Open source: API Firewall

Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
API docs
API docs

Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
- Wallarm API overview
- Wallarm API request examples
FAQ
FAQ

Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠
Demo videos
Demo videos

Version 4.2 Version 4.0 Version 3.6 Version 3.4 Version 3.2 ⚠

Home¶

Wallarm API Security protects websites, APIs, and microservices from OWASP Top 10, bots, and application abuse with no manual rule configuration and ultra‑low false positives.

Quick start

Deploy the Wallarm node of the CDN type in 15 minutes by only changing the domain's DNS records

About Wallarm

Learn Wallarm API Security features, architecture, and supported platforms

Installation

Select the platform and quickly deploy your first Wallarm node to existing infrastucture

Configuration

Customize deployed node settings to get the most out of Wallarm API Security for your company

Wallarm API

Learn how to use Wallarm API to extend Wallarm node functionality

Using Wallarm

Track and operate the system security state and Wallarm node together with your team via Wallarm Console

Updating and migrating

Learn new Wallarm node features and keep your modules up-to-date

Attack and vulnerability types

Learn which attacks and vulnerabilities Wallarm API Security detects

Wallarm service status:

Terms of services | Privacy policy | Cookie policy | 2022 © Wallarm Inc.