Checking the filtering node operation¶
If everything is configured correctly, Wallarm filters the requests and proxies the filtered requests in accordance with the configuration file settings.
To check the correct operation, you must:
-
Execute the
wallarm-status
request. -
Run a test attack.
1. Execute the wallarm-status
request¶
You can get filtering node operation statistics by requesting the /wallarm-status
URL.
Run the command:
The output will be like:
{ "requests":0,"attacks":0,"blocked":0,"abnormal":0,"tnt_errors":0,"api_errors":0,
"requests_lost":0,"segfaults":0,"memfaults":0, "softmemfaults":0,"time_detect":0,"db_id":46,
"custom_ruleset_id":16767,"proton_instances": { "total":1,"success":1,"fallback":0,"failed":0 },
"stalled_workers_count":0,"stalled_workers":[] }
This means that the filtering node statistics service is running and working properly.
The statistics service
You can read more about the statistics service and how to configure it here.
2. Run a test attack¶
To check if Wallarm correctly detects attacks, send a malicious request to the protected resource.
For example:
Wallarm must detect in the request Path Traversal.
Now the counter of the number of attacks will increase when a request for wallarm-status
is executed, which means that the filtering node is operating normally.
To learn more about the Wallarm filtering node settings, see the Configuration options chapter.