Skip to content

Security Edge Inline

The Security Edge platform provides a managed service for deploying nodes across geographically distributed locations within a Wallarm-hosted environment. One of its key deployment options is inline deployment, offering real-time, robust protection for your entire API landscape without the need for any onsite installation.

This is an ideal solution for securing APIs when you can redirect traffic from your hosts to Wallarm's edge nodes by modifying the CNAME records in your DNS settings.

!

How it works

Security Edge service provides a secure cloud environment where the Wallarm node is deployed, hosted, and managed by Wallarm:

  • Turnkey deployment: deploy Wallarm nodes in globally distributed locations with minimal setup.

  • Autoscaling: node instances automatically scale to handle varying traffic loads.

  • Reduced costs: lower operational overhead with Wallarm-managed nodes, allowing faster deployment and scalability.

  • Seamless integration: simple configuration with your existing CDN or load balancers, allowing you to protect your API landscape without disruptions.

Running the Edge inline node

  1. The Security Edge deployment is available only with the corresponding subscription. Contact sales@wallarm.com to obtain it.

  2. Go to the Wallarm Console → Security EdgeEdge inlineAdd origin.

  3. Specify the origin (source server or infrastructure) where the Edge node will forward the filtered traffic. This can be either an IP address or a domain.

  4. Choose one or more regions to deploy the Wallarm node.

    We recommend selecting regions close to where your APIs or applications are hosted. Deploying in multiple regions enhances geo-redundancy and ensures high availability.

  5. In the Hosts section, specify the domains or subdomains that will direct traffic to the Wallarm node.

    Set the Wallarm mode for each host and, if needed, associate the host's traffic with a Wallarm application.

  6. (Optional) For specific locations within hosts, you can adjust the following parameters:

    • proxy_read_timeout: defines how long Wallarm waits for a response from the origin server before closing the connection.
    • proxy_send_timeout: sets the time Wallarm waits for the origin server to acknowledge request data before terminating the connection.
    • client_max_body_size: limits the maximum request body size allowed from the client to the origin server (useful for file uploads or data size control).
  7. Add the Wallarm-generated CNAME record to your DNS settings.

    If a CNAME already exists, replace its value with the Wallarm-generated one.

    DNS changes can take up to 24 hours to propagate. Once the CNAME is updated, Wallarm will proxy all traffic and mitigate malicious requests.

Limitations

  • Second-level domains are not supported (e.g., instead domain.com use www.domain.com).

  • Only domains shorter than 64 characters are supported.

  • Only HTTPS traffic is supported; HTTP is not allowed.

Upgrading the Edge node

Since the Edge node is a managed solution, Wallarm takes care of all upgrades. The latest stable node version is always deployed on the Edge.