Skip to content

Installing and configuring a partner WAF node

Requirements

  • Partner account in the Wallarm system and a parther UUID

  • Linked clients and IDs of the partner-client links

  • Execution of commands by the user with the Global administrator or Deploy/Administrator role. The user with the Deploy/Administrator role must be added to the technical client or partner client account depending on which account the WAF node should be created

  • Disabled two‑factor authentication for the user executing the commands

  • Supported platform for the WAF node installation

Partner WAF node characteristics

Partner WAF node has the following characteristics:

  • Can be installed on the same platforms and according to the same instructions as a regular WAF node.

  • Can be installed on the technical client or partner client level. If you want to provide a client with access to the Wallarm Console, the WAF node must be installed at the corresponding partner client level.

  • Can be configured according to the same instructions as a regular WAF node, except for:

    • The directive wallarm_instance is used to split settings by clients. Splitting by applications does not work.
    • To enable blocking of requests by IP addresses, please send a request to Wallarm technical support. After blocking is enabled, to block IP addresses, you need to add them to the blacklist at the technical client account level.

Recommendations for a partner WAF node installation

  • If the client should access the Wallarm Console, the WAF node should be created within an appropriate partner client account

  • Describe the WAF node configuration in the client's NGINX configuration file

Procedure for a partner WAF node installation

  1. Select a WAF node installation form and follow the appropriate instructions:

  2. Send a request for switching the WAF node to partner status to the Wallarm technical support. Send the following data with the request:

    • Partner UUID obtained when creating a partner account
    • Installed WAF node UUID displayed in the Wallarm Console → section Nodes

  3. Open the client's NGINX configuration file and specify the partner-client link ID in the wallarm_instance directive.

    Example of the client's NGINX configuration file:

    server {
    listen       80;
    server_name  client1.com;
    wallarm_mode block;
    wallarm_instance 13;

    location / {
        proxy_pass      http://upstream1:8080;
    }
}

server {
    listen       80;
    server_name  client2.com;
    wallarm_mode monitoring;
    wallarm_instance 14;

    location / {
        proxy_pass      http://upstream2:8080;
    }
}
    • On the client side, the DNS A records with the partner IP address are configured
    • On the partner side, proxying of requests to the addresses of clients (http://upstream1:8080 for the client with the partner-client link ID 13 and http://upstream2:8080 for the client with the partner-client link ID 14) is configured
    • All incoming requests are processed on the partner address, legitimate requests are sent to http://upstream1:8080 for the client with the partner-client link ID 13 and to http://upstream2:8080 for the client with the partner-client link ID 14

Configuring a partner WAF node

To customize the WAF node settings, use the available directives.

Common customization options: