Skip to content

Updating the running Docker NGINX- or Envoy-based image

These instructions describe the steps to update the running Docker NGINX- or Envoy-based image to the version 2.18.

Using credentials of already existing WAF node

We do not recommend to use the already existing WAF node of the previous version. Please follow these instructions to create a new WAF node of the version 2.18 and deploy it as the Docker container.

Requirements

  • Access to the account with the Deploy or Administrator role and two‑factor authentication disabled in Wallarm Console in the EU Cloud or US Cloud

  • Access to https://api.wallarm.com:444 if working with EU Wallarm Cloud or to https://us1.api.wallarm.com:444 if working with US Wallarm Cloud. Please ensure the access is not blocked by a firewall

Step 1: Download the updated WAF node image

docker pull wallarm/node:2.18.0-3
docker pull wallarm/envoy:2.18.0-1

Step 2: Stop the running container

docker stop <RUNNING_CONTAINER_NAME>

Step 3: Run the container using the updated image

When running the container using the updated image, you can pass the same configuration parameters that were passed when running a previous image version. If some parameters are deprecated or added in the new WAF node version, the appropriate information is published in the list of the new version changes.

There are two options for running the container using the updated image:

Step 4: Test the WAF node operation

  1. Send the request with test SQLI and XSS attacks to the protected resource address:

    curl http://localhost/?id='or+1=1--a-<script>prompt(1)</script>'
    

    If the WAF node works in the block mode, the request will be blocked and the code 403 Forbidden will be returned.

  2. Open the Wallarm Console → Events section in the EU Cloud or US Cloud and ensure attacks are displayed in the list.

    Attacks in the interface

Step 5: Delete the WAF node of the previous version

If the deployed image of the version 2.18 operates correctly, you can delete the WAF node of the previous version in the Wallarm Console → Nodes section.