Upgrading Wallarm NGINX modules¶

These instructions describe the steps to update Linux node packages to version 2.18. Linux node packages are packages installed in accordance with one of the following instructions:

• NGINX stable module

• Module for NGINX from CentOS/Debian repositories

• NGINX Plus module

• Kong module

Update procedure¶

• If filtering node and postanalytics modules are installed on the same server, then follow the instrutions below to update all packages.

• If filtering node and postanalytics modules are installed on different servers, then first update the postanalytics module following these instructions and perform the steps below for filtering node modules.

Step 1: Add new Wallarm repository¶

Delete the previous Wallarm repository address and add a repository with a new Wallarm node version package. Please use the commands for the appropriate platform.

CentOS and Amazon Linux 2.0.2021x and lower

sudo yum remove wallarm-node-repo
sudo rpm -i https://repo.wallarm.com/centos/wallarm-node/7/2.18/x86_64/Packages/wallarm-node-repo-1-6.el7.noarch.rpm

sudo yum remove wallarm-node-repo
sudo rpm -i https://repo.wallarm.com/centos/wallarm-node/8/2.18/x86_64/Packages/wallarm-node-repo-1-6.el8.noarch.rpm

Debian and Ubuntu

1. Open the file with the Wallarm repository address in the installed text editor. In these instructions, vim is used.

   sudo vim /etc/apt/sources.list.d/wallarm.list
   

2. Comment out or delete the previous repository address.

3. Add a new repository address:

   Debian 9.x (stretch)Debian 9.x (stretch-backports)Debian 10.x (buster)Ubuntu 16.04 LTS (xenial)Ubuntu 18.04 LTS (bionic)

   deb http://repo.wallarm.com/debian/wallarm-node stretch/2.18/
   

   deb http://repo.wallarm.com/debian/wallarm-node stretch/2.18/
   deb http://repo.wallarm.com/debian/wallarm-node stretch-backports/2.18/
   

   deb http://repo.wallarm.com/debian/wallarm-node buster/2.18/
   

   deb http://repo.wallarm.com/ubuntu/wallarm-node xenial/2.18/
   

   deb http://repo.wallarm.com/ubuntu/wallarm-node bionic/2.18/
   

Step 2: Update Wallarm packages¶

Filtering node and postanalytics on the same server¶

sudo apt update
sudo apt dist-upgrade

sudo apt update
sudo apt dist-upgrade

sudo yum update

Filtering node and postanalytics on different servers¶

1. Update postanalytics packages following these instructions.

2. Update Wallarm node packages:

   DebianUbuntuCentOS or Amazon Linux 2.0.2021x and lower

   sudo apt update
   sudo apt dist-upgrade
   

   sudo apt update
   sudo apt dist-upgrade
   

   sudo yum update
   

Step 3: Restart NGINX¶

sudo systemctl restart nginx

sudo service nginx restart

sudo systemctl restart nginx

Step 4: Test Wallarm node operation¶

1. Send the request with test SQLI and XSS attacks to the protected resource address:

   curl http://localhost/?id='or+1=1--a-<script>prompt(1)</script>'
   

2. Open the Wallarm Console → Events section in the US Cloud or EU Cloud and ensure attacks are displayed in the list.
   

   

Settings customization¶

The Wallarm modules are updated to version 2.18. Previous filtering node settings will be applied to the new version automatically. To make additional settings, use the available directives.

Common customization options:

• Configuration of the filtration mode

• Logging Wallarm node variables

• Using the balancer of the proxy server behind the filtering node

• Adding Wallarm Scanner addresses to the allowlist in the block filtration mode

• Limiting the single request processing time in the directive wallarm_process_time_limit

• Limiting the server reply waiting time in the NGINX directive proxy_read_timeout

• Limiting the maximum request size in the NGINX directive client_max_body_size

• Configuring dynamic DNS resolution in NGINX

• Double‑detection of attacks with libdetection