Quick start with Wallarm platform¶
These instructions describe how to quickly deploy the first Wallarm NGINX‑based filtering node and learn its basic features. This approach is recommended to be used only to try the product. To deploy the Wallarm node in the production environment, please refer to separate guides for supported platforms.
The Wallarm platform quick start is performed using the provided Shell script to be run on a server with a supported Linux‑based operating system (OS).
How the quick start script works¶
The Shell script getwallarm.sh used for the Wallarm platform quick start performs the following steps:
Disable the SELinux mechanism if it is installed on the OS. Wallarm quick deployment is not compatible with active SELinux.
Install the latest stable version of NGINX from the NGINX official repository.
Install the Wallarm packages for both the Wallarm NGINX and postanalytics modules.
Register the new Wallarm node in the Wallarm Cloud.
Configure the local NGINX instance to act as a reverse proxy for the specified domain with Wallarm node filtering requests in the blocking mode.
Configure NGINX IP blocking functionality following the instructions.
Configure the allowlist with the Wallarm Scanner IPs following the instructions.
Send the following test requests:
- GET request to
http://127.0.0.8/wallarm-statusto check the accessibility of the Wallarm statistics service.
- GET request to the NGINX instance address (port 80/TCP) to check the accessibility of the domain protected by Wallarm.
GET request containing malicious payloads of the SQLi and XSS types to the NGINX instance address:
curl -H "Host: $DOMAIN_NAME" http://localhost/?id='or+1=1--a-<script>prompt(1)</script>'
The request should be blocked by the Wallarm node (the HTTP response code should be 403).
If the actual response is different from the expected one, the script returns the corresponding message.
- GET request to
Create an account in Wallarm Console using the link for the EU or US Wallarm Cloud.
Install one of the supported OS listed below on your server. For the Wallarm node deployment to be completed successfully, please install the OS from the image/distributive with the basic package set and do not apply any additional configurations to the installed OS. The quick start script may not be able to handle the OS customizations (e.g. security hardening or additional configurations fitting your internal server management standards).
- Debian 10.x (buster)
- Ubuntu 16.04 LTS (xenial)
- Ubuntu 18.04 LTS (bionic)
- Ubuntu 20.04 LTS (focal)
- CentOS 7.x
- CentOS 8.x
Connect to the server and become root user (e.g. by using command
Download the script getwallarm.sh by using one of the following commands:
curl -o getwallarm.sh https://raw.githubusercontent.com/wallarm/quick-start/stable/2.18/getwallarm.sh
wget -O getwallarm.sh https://raw.githubusercontent.com/wallarm/quick-start/stable/2.18/getwallarm.sh
Run the script passing the proper parameters:
sh getwallarm.sh -u <YOUR_WALLARM_USERNAME> -p <YOUR_WALLARM_PASSWORD> -S <WALLARM_CLOUD> -n <WALLARM_NODE_NAME> -d <DOMAIN_NAME> -o <ORIGIN_SERVER>
Parameter Description Required?
Email to the Deploy or Administrator user account in Wallarm Console. Yes
Password to the Deploy or Administrator user account in Wallarm Console. Yes
Wallarm Cloud name being used. Possible values are
eu(by default) and
Wallarm node name. By default, the script assigns the host name to the node.
The specified name can be changed in Wallarm Console → Nodes later.
The Wallarm filtering node will be configured to handle traffic for this domain. The value can be your company website or public API endpoint. If not sure about which domain name to use, you can always experiment with any public site (e.g.
Default value is
The Wallarm filtering node will be configured to send upstream requests to the specified IP address or domain name. If this parameter is not specified explicitly, the script uses the value of
Ensure the script returned the message
We've completed the Wallarm node deployment process.
If any errors occurred during the script execution, the script would return appropriate error messages.
Open the Wallarm Console → Events section in the EU Cloud or US Cloud and ensure the SQLi and XSS attacks are displayed in the list.
Wallarm node quick deployment is successfully completed!
To continue the product exploring, we recommend learning more about the following Wallarm platform features:
System event notifications configured via native integrations with DevOps tools and triggers
Wallarm node production deployment¶
When the Wallarm quick start is completed and basic API Security features are explored, you are recommended to proceed to the production deployment.