Protect your applications and APIs across any infrastructure. See the product now →

Open wallarm.com

Wallarm Documentation Home

Initializing search

Free Trial Free Trial

WAF guides
API Firewall guides
Wallarm API
FAQ
Demo videos

WAF guides
WAF guides

Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
- Home
- About Wallarm WAF
  About Wallarm WAF
  
  Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
  - How Wallarm WAF works
  - Detecting attacks
  - Detecting vulnerabilities
  - Attack and Vulnerability Types
  - Data management policies
    Data management policies
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Security Model of Shared Responsibility for Customer Data
    
    Data retention policy
  - Wallarm WAF subscription plans
  - Wallarm WAF deployment and maintenance best practices
- Quick Start
  Quick Start
  
  Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
- Administrator Guide
  Administrator Guide
  
  Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
  - Introduction to the Administrator Guide
  - Installation
    Installation
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Wallarm WAF deployment options
    
    NGINX
    NGINX
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    NGINX Installation Options Overview
    
    Installing as a Dynamic Module for NGINX stable
    
    Installing as a Dynamic Module for NGINX from Debian/CentOS Repositories
    
    Installing as a Dynamic Module for NGINX Plus
    
    Running Docker NGINX‑based image
    
    Kubernetes
    Kubernetes
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Installing NGINX Ingress Controller with Integrated Wallarm Services
    
    Installing Wallarm Sidecar Container
    Installing Wallarm Sidecar Container
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    How It Works
    
    Kubernetes Deployment Based on Helm Charts
    
    Kubernetes Deployment Based on Manifests
    
    Cloud Platforms
    Cloud Platforms
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Amazon AWS
    Amazon AWS
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    AWS Marketplace image deployment
    AWS Marketplace image deployment
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Creating and Configuring an AMI with the WAF Node
    
    Creating an Amazon Machine Image
    
    Deploying WAF Node Using Terraform
    Deploying WAF Node Using Terraform
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Introduction to using Terraform for the WAF node deployment
    
    Quick Start with Provided Example
    
    Description of Example Terraform Code
    
    Setting Up Filter Node Auto Scaling
    Setting Up Filter Node Auto Scaling
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Overview of the WAF node Auto Scaling Configuration on AWS
    
    Setting Up Filter Node Auto Scaling
    
    Setting Up Incoming Request Balancing on AWS
    
    Deployment of the WAF node Docker image to AWS
    
    Installation of the WAF node from DEB or RPM packages on AWS
    
    Google Cloud Platform
    Google Cloud Platform
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    GCP Marketplace image deployment
    GCP Marketplace image deployment
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Creating and Configuring a GCP Instance with the WAF Node
    
    Creating an Image with the Wallarm Filter Node
    
    Setting Up Filter Node Auto Scaling
    Setting Up Filter Node Auto Scaling
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Overview of the WAF node Auto Scaling Configuration on GCP
    
    Creating a Filter Node Instance Template
    
    Creating a Managed Instance Group with Enabled Auto Scaling
    
    Setting up Incoming Request Balancing on GCP
    
    Deployment of the WAF node Docker image to GCP
    
    Installation of the WAF node from DEB or RPM packages on GCP
    
    Microsoft Azure
    Microsoft Azure
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Deployment of the WAF node Docker image to Azure
    
    Installation of the WAF node from DEB or RPM packages on Azure
    
    Alibaba Cloud
    Alibaba Cloud
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Deployment of the WAF node Docker image to Alibaba Cloud
    
    Installation of the WAF node from DEB or RPM packages on Alibaba Cloud
    
    Yandex.Cloud
    Yandex.Cloud
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Yandex.Cloud Marketplace image deployment
    
    Deployment of the WAF node Docker image to Yandex.Cloud
    
    Installation of the WAF node from DEB or RPM packages on Yandex.Cloud
    
    Deployment of the WAF node to the private clouds
    
    Installing on the Kong Platform
    
    Running Docker Envoy‑based image
    
    Separate postanalytics module installation
    
    Checking the Filter Node Operation
  - Configuration
    Configuration
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Configuration Options (NGINX)
    
    Configuration options for the Envoy‑based WAF node
    
    Filtering Mode Configuration
    
    Blocking by IP Address
    Blocking by IP Address
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Methods of Blocking by IP Address
    
    Blocking with iptables
    
    Blocking with NGINX
    
    Configuration of the blocking page and error code
    
    Configuration of the Statistics Service
    
    Configuration of brute force protection
    
    Fine‑tuning of Wallarm Ingress Controller
    Fine‑tuning of Wallarm Ingress Controller
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Configuration Parameters
    
    Best Practices in Wallarm Ingress Controller Configuration
    Best Practices in Wallarm Ingress Controller Configuration
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Proper Reporting of End‑user Public IP Address
    
    Management of IP Addresses Blocking
    
    Configuration of IP Whitelisting for Wallarm Scanner
    
    High Availability Considerations
    
    Ingress Controller Monitoring
    
    Allocating Resources for WAF Node
    
    Analyzing Mirrored Traffic with NGINX
    
    Configuration of Filter Node for Separated Customer Environments
    Configuration of Filter Node for Separated Customer Environments
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    How WAF Filter Node Works in Separated Environments
    
    Recommendations on Configuring the Filter Node for Separated Environments
    
    Blocking Part of a Website
    
    Access to Wallarm API via Proxy
    
    Settings for Using a Balancer or Proxy
    
    WAF node and Wallarm Cloud synchronization configuration
    
    Working with Filter Node Logs
    
    Configuring dynamic DNS resolution in NGINX
    
    Using Single Sign‑On (SSO)
    Using Single Sign‑On (SSO)
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Overview of integration with the SAML SSO solution
    
    Connecting SSO with G Suite
    Connecting SSO with G Suite
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Overview of Steps for Connecting SSO with G Suite
    
    Step 1: Generating Parameters on the Wallarm Side (G Suite)
    
    Step 2: Creating and Configuring an Application in G Suite
    
    Step 3: Transferring G Suite Metadata to the Wallarm Setup Wizard
    
    Step 4: Allowing Access to the Wallarm Application on the G Suite Side
    
    Connecting SSO with Okta
    Connecting SSO with Okta
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Overview of Steps for Connecting SSO with Okta
    
    Step 1: Generating Parameters on the Wallarm Side (Okta)
    
    Step 2: Creating and Configuring an Application in Okta
    
    Step 3: Transferring Okta Metadata to the Wallarm Setup Wizard
    
    Step 4: Allowing Access to the Wallarm Application on the Okta Side
    
    Configuring SSO Authentication for Users
    
    Changing the Configured SSO Authentication
  - Monitoring & Failover
    Monitoring & Failover
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Configuring a Failover Method
    
    Using a Mirrored Wallarm Repository
    Using a Mirrored Wallarm Repository
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    How to Mirror the Wallarm Repository for CentOS
    
    How to Install Wallarm Packages from the Local JFrog Artifactory Repository for CentOS
    
    Monitoring the Filter Node
    Monitoring the Filter Node
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Introduction to the WAF node monitoring
    
    How to Fetch Metrics
    
    Available Metrics
    
    Examples of Exporting and Working with Metrics
    Examples of Exporting and Working with Metrics
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Grafana
    Grafana
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Exporting Metrics to InfluxDB via the `collectd` Network Plugin
    
    Exporting Metrics to Graphite via the `collectd` Write Plugin
    
    Working with the Filter Node Metrics in Grafana
    
    Nagios
    Nagios
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Exporting Metrics to Nagios via the `collectd-nagios` Utility
    
    Working with the Filter Node Metrics in Nagios
    
    Zabbix
    Zabbix
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Exporting Metrics to Zabbix via the `collectd-nagios` Utility
    
    Working with the Filter Node in Zabbix
  - Operations
    Operations
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Configuring SELinux
    
    Wallarm User Acceptance Testing Checklist
    
    Learning the amount of requests per month handled by the application
  - Support of the Scanner Operation
    Support of the Scanner Operation
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Best practices for configuring the Active threat verification feature
    
    Disabling the IP Address Blocking of the Wallarm Scanner
    
    Scanner Addresses
    Scanner Addresses
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Scanner Addresses for EU Cloud
    
    Scanner Addresses for US Cloud
    
    Contacting Wallarm Support to Stop the Resource Scanner
- User Guide
  User Guide
  
  Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
  - Introduction to the User Guide
  - Dashboards
    Dashboards
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Dashboards Overview
    
    WAF Dashboard
    
    Scanner Dashboard
  - Events
    Events
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Checking Events
    
    Analyzing Attacks
    
    Working with False Attacks
    
    Verifying Attacks
  - Vulnerabilities
    Vulnerabilities
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Checking Vulnerabilities
    
    Analyzing Vulnerabilities
    
    Closing and Opening Vulnerabilities
    
    Rechecking Vulnerabilities
    
    Working with False Vulnerabilities
  - Search and Filters
    Search and Filters
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Using Search and Filters
    
    Creating a Custom Report
  - Scanner
    Scanner
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Scanner Overview
    
    Working with the Scope
    
    Reserved Domains
    
    Scanner Settings
    Scanner Settings
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    General Scanner Settings
    
    Configuring Scanner Modules
  - Nodes
    Nodes
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    WAF nodes overview
    
    Regular WAF nodes
    
    Cloud WAF nodes
  - Rules
    Rules
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Application Profile Rules
    
    Inspecting Application Profile Rules
    
    Adding Rules in the Application Profile
    
    Building and unloading of a custom ruleset
    
    Analyzing and Parsing Requests
    
    Filter Mode Rule
    
    Rules for Data Masking
    
    Rules defining attack counters
    
    Rewriting the request before attack replaying
    
    Virtual Patching
    
    User‑Defined Detection Rules
  - Triggers
    Triggers
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Working with triggers
    
    Trigger examples
  - IP Address Blacklist
  - Settings
    Settings
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Profile
    
    General
    
    Subscriptions
    
    Applications
    
    Users
    
    Activity Log
    
    Integrations
    Integrations
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Integrations Overview
    
    Email Report
    
    Slack
    
    Telegram
    
    Opsgenie
    
    InsightConnect
    
    PagerDuty
    
    Splunk
    
    Sumo Logic
    
    Webhook
    Webhook
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Webhook Integration Overview
    
    Examples
    Examples
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    IBM QRadar via Fluentd
    
    IBM QRadar via Logstash
    
    Splunk Enterprise via Fluentd
    
    Splunk Enterprise via Logstash
    
    Micro Focus ArcSight Logger via Fluentd
    
    Micro Focus ArcSight Logger via Logstash
  - Using single sign‑on to Wallarm portal
- Working with the Partner WAF Node
  Working with the Partner WAF Node
  
  Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
- Updating and Migrating
  Updating and Migrating
  
  Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
  - What is new in WAF node 2.18
  - WAF node versioning policy
  - Recommendations for a safe WAF node update process
  - WAF node update instructions
    WAF node update instructions
    
    Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
    
    Updating Linux WAF packages
    
    Updating the separately installed postanalytics module
    
    Updating the running Docker NGINX- or Envoy-based image
    
    Updating NGINX Ingress controller with integrated Wallarm WAF
    
    Updating the cloud WAF node image
- Appendix
  Appendix
  
  Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
  - Glossary
API Firewall guides
API Firewall guides

Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
- Wallarm API Firewall overview
- Running API Firewall on Docker
Wallarm API
Wallarm API

Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
- Wallarm API overview
- Wallarm API request examples
FAQ
FAQ

Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠
Demo videos
Demo videos

Version 2.18 Version 2.16 Version 2.14 Version 2.12 ⚠

Home

Wallarm Advanced WAF protects websites, APIs, and microservices from OWASP Top 10, bots, and application abuse with no manual rule configuration and ultra‑low false positives.

Quick start

Deploy your first WAF node with the NGINX module in 20 minutes

About Wallarm WAF

Learn Wallarm WAF features, architecture, and supported platforms

Installation

Select the platform and quickly deploy your first WAF node to existing infrastucture

Configuration

Customize deployed WAF node settings to get the most out of Wallarm WAF for your company

Wallarm API

Learn how to use Wallarm API to extend WAF node functionality

Operating WAF via UI

Track and operate the system security state and WAF node together with your team via the Wallarm Console

Updating and migrating

Learn new WAF node features and keep your modules up-to-date

Attack and vulnerability types

Learn which attacks and vulnerabilities WAF node detects

Wallarm service status:

Terms of services | Privacy policy | Cookie policy | 2021 © Wallarm Inc.