Configuring traffic proxying
To process the HTTP requests, Wallarm uses the web and proxy server NGINX with additional modules to analyze the traffic.
1. Edit the NGINX Configuration Files
The /etc/nginx/conf.d directory contains NGINX and Wallarm filter node configuration files.
By default, this directory contains the following configuration files:
- The default.conf file defines the configuration of NGINX.
- The wallarm.conf file defines the global configuration of Wallarm filter node.
- The wallarm-status.conf file defines the Wallarm monitoring configuration.
You can create your own configuration files to define the operation of NGINX and Wallarm. It is recommended to create a separate configuration file with the server block for each group of the domains that should be processed in the same way.
To see detailed information about working with NGINX configuration files, proceed to the official NGINX documentation.
Wallarm directives define the operation logic of the Wallarm filter node. To see the list of Wallarm directives available, proceed to the Wallarm configuration options page.
A Configuration File Example
Let us suppose that you need to configure the server to work in the following conditions:
- Only HTTP traffic is processed. There are no HTTPS requests processed.
- The following domains receive the requests: example.com and www.example.com.
- All requests must be passed to the server 10.80.0.5.
- All incoming requests are considered less than 1MB in size (default setting).
- The processing of a request takes no more than 60 seconds (default setting).
- Wallarm must operate in the monitor mode.
- Clients access the filter node directly, without an intermediate HTTP load balancer.
Creating a configuration file
You can create a custom NGINX configuration file (e.g. example.com.conf) or modify the default NGINX configuration file (default.conf).
When creating a custom configuration file, make sure that NGINX listens for incoming connections on a free port.
To meet the listed conditions, the contents of the configuration file must be the following:
server {
    listen 80;
    listen [::]:80 ipv6only=on;
    # the domains for which traffic is processed
    server_name example.com;
    server_name www.example.com;
    # turn on the monitoring mode of traffic processing
    wallarm_mode monitoring;
    # wallarm_instance 1;
    location / {
        # setting the address for request forwarding
        proxy_pass http://10.80.0.5;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
2. Set up the Filter Node for Using a Proxy Server
Info
This setup step is intended for users who use their own proxy server for the operation of the protected web applications.
If you do not use a proxy server, skip this step of the setup.
To configure the Wallarm node to use your proxy server, assign new values to the environment variables that define the proxy server.
Add new values of the environment variables to the /etc/environment file:
- Add https_proxy to define a proxy for the https protocol.
- Add http_proxy to define a proxy for the http protocol.
- Add no_proxy to define the list of the resources for which the proxy should not be used.
Assign the <scheme>://<proxy_user>:<proxy_pass>@<host>:<port> string values to the https_proxy and http_proxy variables.
- <scheme> defines the protocol used. It should match the protocol that the current environment variable sets up proxy for.
- <proxy_user> defines the username for proxy authorization.
- <proxy_pass> defines the password for proxy authorization.
- <host> defines a host of the proxy server.
- <port> defines a port of the proxy server.
Assign the no_proxy variable a "<res_1>, <res_2>, <res_3>, <res_4>, ..." array value that lists the resources for which the proxy should not be used, where <res_1>, <res_2>, <res_3>, and <res_4> are IP addresses and/or domains.
Resources that need to be addressed without a proxy
Add the following IP addresses and domain to the list of the resources that have to be addressed without a proxy for the system to operate correctly: 127.0.0.1, 127.0.0.8, 127.0.0.9, and localhost.
The 127.0.0.8 and 127.0.0.9 IP addresses are used for the operation of the Wallarm filter node.
The example of the correct /etc/environment file contents below demonstrates the following configuration:
- HTTPS and HTTP requests are proxied to the 1.2.3.4 host with the 1234 port, using the admin username and the 01234 password for authorization on the proxy server.
- Proxying is disabled for the requests sent to 127.0.0.1, 127.0.0.8, 127.0.0.9, and localhost.
https_proxy=http://admin:01234@1.2.3.4:1234
http_proxy=http://admin:01234@1.2.3.4:1234
no_proxy="127.0.0.1, 127.0.0.8, 127.0.0.9, localhost"
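A check for the settings described in this step, as an added example that is not part of the Wallarm documentation or tooling: it confirms that https_proxy and http_proxy have the <scheme>://<proxy_user>:<proxy_pass>@<host>:<port> form and that no_proxy lists 127.0.0.1, 127.0.0.8, 127.0.0.9, and localhost. The function names check_proxy_env and env_value are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: check proxy settings in an /etc/environment-style file.
# check_proxy_env and env_value are hypothetical helper names.

# Resources the page says must bypass the proxy.
REQUIRED_NO_PROXY="127.0.0.1 127.0.0.8 127.0.0.9 localhost"

# Print the last value assigned to KEY ($1) in FILE ($2), without quotes.
env_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | sed -e 's/^"//' -e 's/"$//'
}

# Return 0 when FILE ($1) has well-formed proxy URLs and a complete no_proxy.
# Problems go to stderr; the variable values (and password) are never echoed.
check_proxy_env() {
    file=$1
    rc=0
    for var in https_proxy http_proxy; do
        val=$(env_value "$var" "$file")
        # <scheme>://<proxy_user>:<proxy_pass>@<host>:<port>; http or https is
        # accepted for both variables, as in the page's own sample file.
        if ! printf '%s\n' "$val" |
            grep -Eq '^https?://[^:@/]+:[^@/]+@[^:@/]+:[0-9]+/?$'; then
            echo "$var: missing or not <scheme>://<user>:<pass>@<host>:<port>" >&2
            rc=1
        fi
    done
    no_proxy_val=$(env_value no_proxy "$file")
    for res in $REQUIRED_NO_PROXY; do
        # Split on commas, trim spaces, then require an exact match.
        if ! printf '%s\n' "$no_proxy_val" | tr ',' '\n' |
            sed -e 's/^ *//' -e 's/ *$//' | grep -Fxq "$res"; then
            echo "no_proxy: $res is missing" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: no_proxy lacks the two filter node addresses.
sample=$(mktemp)
printf '%s\n' 'https_proxy=http://admin:01234@1.2.3.4:1234' \
    'http_proxy=http://admin:01234@1.2.3.4:1234' \
    'no_proxy="127.0.0.1, localhost"' > "$sample"
check_proxy_env "$sample" || echo "proxy settings need fixing"
rm -f "$sample"
```

Calling check_proxy_env /etc/environment after editing the file returns non-zero and names each problem on stderr.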
3. Restart NGINX
After saving the edited configuration file, restart NGINX with the command that matches your system's service manager:
sudo systemctl restart nginx
sudo service nginx restart
Check that the WAF node is operational and filters traffic. See Check the WAF node operation.