Skip to content

Installing the Filter Node (NGINX)

Request processing

Request processing by a filter node consists of the following phases:

  • Initial processing by the NGINX-Module-Wallarm
  • Postanalytics and the statistical analysis of the processed requests.

This instruction describes the installation of the Wallarm filter node as a dynamic module for NGINX on the same server with postanalytics.

To install the filter node, do the following:

  1. Install NGINX.

  2. Add the Wallarm repositories, from which you will download packages.

  3. Install the Wallarm packages.

  4. Configure postanalytics.

  5. Connect the Wallarm module.

  6. Connect the filter node to the Wallarm cloud.

Prerequisites

  • Prior to taking any steps listed below, either disable or configure SELinux if it is installed on the operating system.
  • Make sure that you execute all commands below as superuser (e.g. root).

1. Install NGINX

Install NGINX from the official NGINX repositoriy by following the instruction that corresponds with your operating system from the list below.

Stable NGINX version

Make sure you are installing the stable version of NGINX. The mainline part of the path must be omitted from the NGINX repository link.

2. Add the Wallarm Repositories

The filter node is installed and updated from the Wallarm repositories.

Depending on your operating system, run one of the commands:

apt-get install dirmngr
apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
sh -c "echo 'deb http://repo.wallarm.com/debian/wallarm-node jessie/2.14/' > /etc/apt/sources.list.d/wallarm.list"
apt-get update

apt-get install dirmngr
apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
sh -c "echo 'deb http://repo.wallarm.com/debian/wallarm-node stretch/2.14/' > /etc/apt/sources.list.d/wallarm.list"
apt-get update

apt-get install dirmngr
apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
sh -c "echo 'deb http://repo.wallarm.com/debian/wallarm-node buster/2.14/' > /etc/apt/sources.list.d/wallarm.list"
apt-get update

apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
sh -c "echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node trusty/2.14/' > /etc/apt/sources.list.d/wallarm.list"
apt-get update

apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
sh -c "echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node xenial/2.14/' > /etc/apt/sources.list.d/wallarm.list"
apt-get update

apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
sh -c "echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node bionic/2.14/' > /etc/apt/sources.list.d/wallarm.list"
apt-get update

yum install --enablerepo=extras -y epel-release centos-release-SCL
rpm -i https://repo.wallarm.com/centos/wallarm-node/6/2.14/x86_64/Packages/wallarm-node-repo-1-5.el6.noarch.rpm

yum install -y epel-release
rpm -i https://repo.wallarm.com/centos/wallarm-node/7/2.14/x86_64/Packages/wallarm-node-repo-1-5.el7.noarch.rpm

yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -i https://repo.wallarm.com/centos/wallarm-node/7/2.14/x86_64/Packages/wallarm-node-repo-1-5.el7.noarch.rpm

Repository access

Your system must have access to https://repo.wallarm.com to download the packages.

Ensure the access is not blocked by a firewall.

3. Install the Wallarm Packages

Depending on your operating system, run one of the commands:

apt-get install --no-install-recommends wallarm-node nginx-module-wallarm

apt-get install --no-install-recommends wallarm-node nginx-module-wallarm

apt-get install --no-install-recommends wallarm-node nginx-module-wallarm

apt-get install --no-install-recommends wallarm-node nginx-module-wallarm

apt-get install --no-install-recommends wallarm-node nginx-module-wallarm

apt-get install --no-install-recommends wallarm-node nginx-module-wallarm

yum install wallarm-node nginx-module-wallarm

yum install wallarm-node nginx-module-wallarm

yum install wallarm-node nginx-module-wallarm

4. Configure Postanalytics

Postanalytics uses the in-memory storage Tarantool. The Tarantool database is used to keep in a circular buffer a local copy of the data stream processed by a WAF node, including request/response headers and request bodies (but not response bodies).

The recommended value is 75% of the total server memory. However, there is a more accurate way to define the required value. To make a WAF node efficient, the database should keep at least 15 minutes of transmitted data with about 2x overhead for data serialization. Following these points, the amount of memory can be estimated by the formula:

Speed of request processing per minute in bytes * 15 * 2

For example, if a WAF node is handling at peak 50 MBps of end-user requests, the required Tarantool database memory consumption can be estimated as the following:

50 MBps / 8 (bits in a byte) * 60 (seconds in a minute) * 15 * 2 = 11,250,000,000 bytes (or ~ 10.4 GB)

The sizing of Tarantool memory is controlled using the SLAB_ALLOC_ARENA attribute in the /etc/default/wallarm-tarantool configuration file. To allocate memory:

  1. Open for editing the configuration file of Tarantool:
vi /etc/default/wallarm-tarantool

vi /etc/default/wallarm-tarantool

vi /etc/default/wallarm-tarantool

vi /etc/default/wallarm-tarantool

vi /etc/default/wallarm-tarantool

vi /etc/default/wallarm-tarantool

vi /etc/sysconfig/wallarm-tarantool

vi /etc/sysconfig/wallarm-tarantool

vi /etc/sysconfig/wallarm-tarantool
  1. Set the SLAB_ALLOC_ARENA attribute to memory size. For example:
SLAB_ALLOC_ARENA=10.4
  1. Restart Tarantool:
systemctl restart wallarm-tarantool

systemctl restart wallarm-tarantool

systemctl restart wallarm-tarantool

service wallarm-tarantool restart

service wallarm-tarantool restart

service wallarm-tarantool restart

service wallarm-tarantool restart

systemctl restart wallarm-tarantool

systemctl restart wallarm-tarantool

To learn how long a Tarantool instance is capable of keeping traffic details with the current level of WAF node load, you can use the wallarm-tarantool/gauge-timeframe_size monitoring metric.

To get more information about memory allocation, please use this documentation.

5. Connect the Wallarm Module

Open the /etc/nginx/nginx.conf file.

Ensure that you have the include /etc/nginx/conf.d/* line in the file. If you do not, add it.

Add the following directive right after the worker_processes directive:

load_module modules/ngx_http_wallarm_module.so;

Configuration example with the added directive:

user  nginx;
worker_processes  auto;
load_module modules/ngx_http_wallarm_module.so;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

Copy the configuration files for the system setup:

cp /usr/share/doc/nginx-module-wallarm/examples/*.conf /etc/nginx/conf.d/

6. Connect the Filter Node to the Wallarm Cloud

API Access

The API choice for your filter node depends on the Cloud you are using. Please, select the API accordingly:

Ensure the access is not blocked by a firewall.

The filter node interacts with the Wallarm cloud.

To connect the node to the cloud using your cloud account requisites, proceed with the following steps:

  1. Make sure that your Wallarm account has the Administrator role enabled and two-factor authentication disabled, therefore allowing you to connect a filter node to the cloud.

    You can check the aforementioned parameters by navigating to the user account list in the Wallarm console.

    !User list in Wallarm console

  2. Run the addnode script in a system with the filter node:

    Info

    You have to pick the script to run depending on the Cloud you are using.

    /usr/share/wallarm-common/addnode

    /usr/share/wallarm-common/addnode -H us1.api.wallarm.com

    To specify the name of the created node, use the -n <node name> option.

  3. Provide your Wallarm account’s login and password when prompted.

Installation Completed

The installation is completed.

Now you need to configure the filter node to filter traffic. See Configure the Proxying and Filtering Rules.