Skip to content

Quick start with Wallarm platform

The Wallarm platform protects web applications, APIs, and microservices from OWASP and OWASP Top 10 attacks, bots, and application abuse with ultra‑low false positives. You can start using the platform in full for free with a limitation of 500K API monthly requests by following this guide.

Under a quick start, you will register your Wallarm account and run the first Wallarm filtering node in a few minutes. Having a free quota, you will be able to try on the product power on real traffic.

Create Wallarm account and get Free tier

To create a Wallarm account:

  1. Follow the registration link either in the US or EU Wallarm Cloud and input your personal data.

    More details on Wallarm Clouds →

  2. Confirm your account by following the link from the confirmation message sent to your email.

Once an account is registered and confirmed, it is automatically assigned with Free tier or Free trial depending on the Wallarm Cloud being used:

  • In the US Cloud, Free tier allows you to explore the power of the Wallarm solution for free on 500 thousand monthly requests.

  • In the EU Cloud, there is a trial period allowing you to explore the Wallarm solution for free for 14 days.

As for the US cloud, there is the option to explore Wallarm even before deploying any components to your environment - Playground.

Learn Wallarm in Playground

Accounts in the US Wallarm Cloud are featured with Playground which enables the Wallarm platform exploration without having to deploy any platform components. In Playground, you can access the Wallarm Console view like it is filled with real data.

Wallarm Console is the major Wallarm platform component that displays data on processed traffic and allows the platform fine-tuning. So, with Playground you can learn and try out how the product works, and get some useful examples of its usage in the read-only mode.

UI to create account

To try the Wallarm solution capabilities on your traffic, exit Playground and deploy the first Wallarm filtering node following the instructions for the quickest start.

Deploy the Wallarm filtering node

Wallarm supports many options for the filtering node deployment. You can either learn them and choose the most appropriate one or follow the quickest way to start with Wallarm as described below.

To quickly deploy the node as a component of your infrastructure, first make sure you have:

Deploy the Wallarm filtering node from the Docker image:

  1. Open Wallarm Console → Nodes in the US Cloud or EU Cloud and create the node of the Wallarm node type.

    Wallarm node creation

    As for the Multi-tenant node checkbox, leave it unticked. This checkbox is related to the corresponding feature setup that is not a part of a quick start.

  2. Copy the generated token.

  3. Run the container with the created node:

docker run -d -e WALLARM_API_TOKEN='XXXXXXX' -e NGINX_BACKEND='example.com' -e WALLARM_API_HOST='us1.api.wallarm.com' -p 80:80 wallarm/node:4.4.0-1
docker run -d -e WALLARM_API_TOKEN='XXXXXXX' -e NGINX_BACKEND='example.com' -p 80:80 wallarm/node:4.4.0-1
Environment variable Description Required
WALLARM_API_TOKEN Wallarm node token copied from the Wallarm Console UI. Yes
NGINX_BACKEND Domain or IP address of the resource to protect with the Wallarm solution. Yes
WALLARM_API_HOST Wallarm API server:
  • us1.api.wallarm.com for the US Cloud
  • api.wallarm.com for the EU Cloud
By default: api.wallarm.com.
No
WALLARM_MODE Node mode:
  • block to block malicious requests
  • safe_blocking to block only those malicious requests originating from graylisted IP addresses
  • monitoring to analyze but not block requests
  • off to disable traffic analyzing and processing
By default: monitoring.
Detailed description of filtration modes →
No

To test the deployment, run the first attack with the Path Traversal malicious payload:

curl http://localhost/etc/passwd

If NGINX_BACKEND is example.com, additionally pass the -H 'Host: example.com' option in the curl command.

Since the node operates in the monitoring filtration mode by default, the Wallarm node will not block the attack but will register it. To check that the attack has been registered, proceed to Wallarm Console → Events:

Attacks in the interface

Next steps

Wallarm node quick deployment has been successfully completed!

To get more from the deployment stage:

To further fine-tune the deployed node, learn the features: