
Updating the running Docker NGINX- or Envoy-based image

These instructions describe the steps to update the running Docker NGINX- or Envoy-based image to version 3.4.

Using credentials of already existing Wallarm node

We do not recommend using the existing Wallarm node of the previous version. Please follow these instructions to create a new filtering node of version 3.4 and deploy it as a Docker container.

Breaking changes and recommendations for different node type upgrade

  • If upgrading Wallarm node 2.18 or lower, please note that version 3.x contains breaking changes. Before upgrading the modules of 2.18 and lower up to 3.4, please carefully review the list of Wallarm node changes and consider a possible configuration change.
  • We recommend upgrading both the regular (client) and partner nodes of version 3.2 or lower up to version 3.4. This lets you stay up to date with Wallarm releases and prevents installed module deprecation.

Requirements

  • Access to the account with the Deploy or Administrator role and two‑factor authentication disabled in Wallarm Console in the EU Cloud or US Cloud

  • Access to https://api.wallarm.com:444 if working with the EU Wallarm Cloud or to https://us1.api.wallarm.com:444 if working with the US Wallarm Cloud. Please ensure the access is not blocked by a firewall.

Step 1: Inform Wallarm technical support that you are updating filtering node modules

If updating Wallarm node 2.18 or lower, please inform Wallarm technical support that you are updating filtering node modules up to 3.4 and ask them to enable the new IP lists logic for your Wallarm account. Once the new IP lists logic is enabled, please open Wallarm Console and ensure that the IP lists section is available.

Step 2: Download the updated filtering node image

NGINX-based image:

docker pull wallarm/node:3.4.1-1

Envoy-based image:

docker pull wallarm/envoy:3.4.0-1

Step 3: Stop the running container

docker stop <RUNNING_CONTAINER_NAME>

Step 4: Run the container using the updated image

  1. If updating Wallarm node 2.18 or lower, migrate the whitelist and blacklist configuration from the previous Wallarm node version to 3.4 following the instructions.

  2. Run the container using the updated image. You can pass the same configuration parameters that were passed when running the previous image version, except for the WALLARM_ACL_ENABLE variable.

    There are two options for running the container using the updated image:
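
Steps 2 to 4 as one script, for a container that was configured through environment variables. This is an added example, not part of the Wallarm documentation: it carries over the variables set on the old container, drops WALLARM_ACL_ENABLE, and keeps the env file, which holds credentials, in a private temporary directory. The function names, the script name and the port mapping in the usage comment are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not Wallarm's own tooling. Function names are hypothetical.

# Print what the operator set on the old container: its environment minus the
# old image's built-in defaults, minus WALLARM_ACL_ENABLE (not passed to 3.4).
#   $1 = file with the old image's env, $2 = file with the container's env
carry_over_env() {
  awk -F= '
    $0 == ""                   { next }                # blank padding line
    FILENAME == ARGV[1]        { image[$0] = 1; next } # image default
    $1 == "WALLARM_ACL_ENABLE" { next }                # dropped in step 4
    !($0 in image)             { print }               # operator-supplied
  ' "$1" "$2"
}

# Dump .Config.Env of a container or image, one NAME=value per line.
# Assumes no value contains a newline.
dump_env() {  # $1 = container|image, $2 = name or ID
  docker inspect --type "$1" \
    --format '{{range .Config.Env}}{{println .}}{{end}}' "$2"
}

# upgrade_node <running container> <new image> [extra docker run args...]
# Ports, volumes and the container name are not carried over; pass them as
# extra arguments.
upgrade_node() {
  local old="$1" new_image="$2" old_image tmp rc=0
  shift 2
  tmp="$(mktemp -d)" || return 1   # mode 0700: the env file holds credentials
  old_image="$(docker inspect --type container \
                 --format '{{.Image}}' "$old")" &&
    dump_env image "$old_image" > "$tmp/image.env" &&
    dump_env container "$old" > "$tmp/container.env" &&
    carry_over_env "$tmp/image.env" "$tmp/container.env" > "$tmp/run.env" &&
    docker pull "$new_image" &&          # step 2
    docker stop "$old" &&                # step 3
    docker run -d --env-file "$tmp/run.env" "$@" "$new_image" || rc=$?  # step 4
  rm -rf "$tmp"
  return "$rc"
}

# Example (port mapping is an assumption about the existing deployment):
#   ./upgrade.sh <RUNNING_CONTAINER_NAME> wallarm/node:3.4.1-1 -p 80:80
if [ "$#" -ge 2 ]; then
  upgrade_node "$@"
fi
```

If any step before `docker stop` fails, the old container is left running and the temporary directory is still removed.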

Step 5: Adjust Wallarm node filtration mode settings to changes released in version 3.2

If upgrading Wallarm node 3.0 or lower:

  1. Ensure that the expected behavior of settings listed below corresponds to the changed logic of the off and monitoring filtration modes:

  2. If the expected behavior does not correspond to the changed filtration mode logic, please adjust the filtration mode settings to released changes using the instructions.

Step 6: Test the filtering node operation

  1. Send a request with test SQLi and XSS attacks to the protected resource address:

    curl http://localhost/?id='or+1=1--a-<script>prompt(1)</script>'
    
  2. Open the Wallarm Console → Events section in the EU Cloud or US Cloud and ensure attacks are displayed in the list.


Step 7: Delete the filtering node of the previous version

If the deployed image of version 3.4 operates correctly, you can delete the filtering node of the previous version in the Wallarm Console → Nodes section.