Skip to content

Quick start with Wallarm API Security

The quickest way to deploy the Wallarm filtering node is to use the node of the CDN type that mitigates malicious traffic without placing any third‑party components in the application's infrastructure.

All that is required to deploy the CDN node is to specify the domain to be protected and add the Wallarm CNAME record to the domain's DNS records.

If the CDN node does not meet your requirements, learn other supported deployment options.

How CDN node works

Wallarm CDN node operates as a reverse proxy to the protected server. It analyzes incoming traffic, mitigates malicious requests and forwards legitimate requests to the protected server.

CDN node operation scheme

As for the other characteristics of the Wallarm CDN node:

  • The CDN node is hosted by the third-party cloud provider, so no resources are required from your infrastructure to deploy the CDN node.

    Uploading request data to the third-party cloud provider

    Some data on processed requests is uploaded to the Lumen service.

  • The CDN node uploads some request data to the Wallarm Cloud. Learn more about uploaded data and cutting the sensitive data

  • The default operation mode of the CDN node is blocking. It blocks all malicious requests with the code 403. To change the mode, use the corresponding rule.

  • The CDN node is fully configured via Wallarm Console UI. The only setting to be changed in another way is adding the Wallarm CNAME record to the protected resource's DNS records.

Requirements

  • The website to be protected

  • The IPv4 associated with the website (IPv6 not supported)

  • Sufficient access permissions to edit the DNS records of the domain

  • The Administrator role assigned to the user configuring the CDN node

CDN node deployment

  1. Create an account in Wallarm Console using the link for the US or EU Wallarm Cloud.

    More details on Wallarm Clouds →

  2. Open Wallarm Console → NodesCDNCreate node.

  3. Input the domain address to be protected, e.g. example.com.

    The specified address must not contain the scheme and slashes.

  4. Make sure Wallarm correctly identifies the origin address associated with the specified domain. Otherwise, please change the automatically discovered origin address.

    CDN node creation modal

    Dynamic update of origin address

    If your hosting provider dynamically updates the origin IP address or domain associated with the protected resource, please keep the origin address specified in the CDN node configuration up to date. Wallarm Console enables you to change the origin address at any time.

    Otherwise, requests will not reach the protected resource since the CDN node will try to proxy them to an incorrect origin address.

  5. Wait for the CDN node registration to finish.

    Once the CDN node registration is finished, the CDN node status will be changed to Requires CNAME.

  6. Add the CNAME record generated by Wallarm to the DNS records of the protected domain.

    If the CNAME record is already configured for the domain, please replace its value with the one generated by Wallarm.

    CDN node creation modal

    Depending on your DNS provider, changes to DNS records can take up to 24 hours to propagate and take effect on the Internet. Once the new CNAME record is propagated, the Wallarm CDN node will proxy all incoming requests to the protected resource and block malicious ones.

  7. If required, upload the custom SSL/TLS certificate.

    Wallarm will generate the Let's Encrypt certificate for the CDN node domain by default.

  8. Once DNS record changes propagated, send test attack to the protected domain:

    curl http://<PROTECTED_DOMAIN>/?id='or+1=1--a-<script>prompt(1)</script>'
    
    • The request will be blocked by the Wallarm CDN node (the HTTP response code is 403).
    • The blocked request data will be displayed in Wallarm Console → Events, e.g.:

      Attacks in the interface

Next steps

Wallarm node quick deployment is successfully completed!

To continue the product exploration, we recommend learning more about the following Wallarm API Security features:

CDN node troubleshooting

What do CDN node statuses mean?

The following statuses may appear in Wallarm Console → Nodes for CDN nodes:

  • Registering: Wallarm registers the CDN node in the cloud provider.

    Required action: wait for the Requires CNAME status to add the Wallarm CNAME record to the protected domain's DNS records.

  • Requires CNAME: Wallarm CNAME record is not added to the DNS records of the protected domain or it is added but not propagated yet.

    Required action: add the CNAME record provided by Wallarm to the DNS records of the protected domain or wait for the changes to take effect on the Internet.

    If changes do not take effect for more than 24 hours, please check that your domain provider successfully updated the DNS records. If so, but the Not propagated yet status is still displayed in Wallarm Console, please contact the Wallarm technical support.

    The next expected status is Active.

  • Configuring: Wallarm processes changed origin address or SSL/TLS certificate.

    Required action: wait for the Active status.

  • Active: Wallarm CDN node mitigates the malicious traffic.

    Required action: none. You can monitor the events the CDN node detects.

  • Deleting: Wallarm deletes the CDN node.

    Required action: none, please wait for deletion to be finished.

How to identify the CNAME record propagated?

The Nodes section of Wallarm Console displays the actual status of whether the Wallarm CNAME record took effect on the Internet. If the CNAME record is propagated, the CDN node status is Active.

In addition, you can check the HTTP response headers with the following request:

curl -v <PROTECTED_DOMAIN>

If the Wallarm CNAME record is propagated, the response will contain the section-io-* headers.

If the CNAME record is not propagated for more than 24 hours, please check that your domain provider successfully updated the DNS records. If so, but the Not propagated yet status is still displayed in Wallarm Console, please contact the Wallarm technical support.

The CDN node is highlighted in red in the Nodes section. What does it mean?

If the CDN node is highlighted in red in the Nodes section, an error occurred during its registration or configuration due to the following possible reasons:

  • Unknown error while registering the node in the third-party cloud provider

    Required action: contact the Wallarm technical support.

  • Invalid custom SSL/TLS certificate

    Required action: make sure the uploaded certificate is valid. If not, upload the valid one.

The CDN node highlighted in red does not proxy requests and as a result, does not mitigate malicious traffic.