Configuring the proxying and filtering rules

To process the HTTP requests, Wallarm uses the web and proxy server NGINX with additional modules to analyze the traffic. The NGINX-Wallarm configuration is similar to the NGINX configuration.

The distinction is in different processing modes and a different page that informs the client when a request is blocked.

To configure the proxying and filtering rules, you must:

  1. Edit the NGINX-Wallarm configuration file.
  2. Restart NGINX.

1. Edit the NGINX-Wallarm configuration file

Operating system Path
Debian/Ubuntu /etc/nginx-wallarm/sites-available
symlink /etc/nginx-wallarm/sites-enabled
CentOS /etc/nginx-wallarm/conf.d

You are recommended to create a separate configuration file with the server block within it for each group of domains that must be processed in the same way.

By default, Wallarm creates the file default or default.conf with the following contents:


    #
    # by default, proxy all to 127.0.0.1:8080
    #

    server {
            listen 80 default_server;
            listen [::]:80 default_server ipv6only=on;
            #listen 443 ssl;

            server_name localhost;

            #ssl_certificate cert.pem;
            #ssl_certificate_key cert.key;

            root /usr/share/nginx-wallarm/html;

            index index.html index.htm;

            # wallarm_mode monitoring;
            # wallarm_instance 1;

            location = /wallarm-status {
                    allow 127.0.0.1;
                    allow ::1;
                    deny all;
                    wallarm_status on;
            }

            location / {
                    proxy_pass http://127.0.0.1:8080;
                    include proxy_params;
            }
    }

A prepared configuration file example

Here's an example setup with the following conditions:

  • Only HTTP traffic is processed. There are no HTTPS requests.
  • Only two domains are requested: example.com and www.example.com.
  • All requests must be passed to the server 10.80.0.5.
  • All incoming requests are less than 1 MB (default setting).
  • Processing of a request takes no more than 60 seconds (default setting).
  • Wallarm must operate in the monitor mode.
  • Clients access the filter node directly, without an intermediate HTTP load balancer.

To meet the listed conditions, the contents of the configuration file must be:


    server {
      listen 80;
      listen [::]:80 ipv6only=on;

      # the domains for which traffic is processed
      server_name example.com; 
      server_name www.example.com;

      root /usr/share/nginx-wallarm/html;
      index index.html index.htm;

      # turn on the monitoring mode of traffic processing
      wallarm_mode monitoring; 
      # wallarm_instance 1;

      # turn on the technical page with node statistics
      location = /wallarm-status {
        allow 127.0.0.1;
        allow ::1;
        deny all;
        wallarm_status on;
            }

      location / {
        # setting the address for request forwarding
        proxy_pass http://10.80.0.5; 
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
    }

Fine tuning

To configure NGINX, see NGINX documentation.

To configure the filter node, see Wallarm configuration options.

2. Restart NGINX-Wallarm

After saving the edited configuration file, restart NGINX:

$ /etc/nginx-wallarm/sites-enabled # service nginx-wallarm reload

Check that the filter nodes is operational and filters traffic. See Check the filter node operation.

results matching ""

    No results matching ""