Skip to content

Updating the running Docker NGINX- or Envoy-based image

These instructions describe the steps to update the running Docker NGINX- or Envoy-based image to the version 3.2.

Using credentials of already existing Wallarm node

We do not recommend to use the already existing Wallarm node of the previous version. Please follow these instructions to create a new filtering node of the version 3.2 and deploy it as the Docker container.

Breaking changes and recommendations for different node type update

  • The Wallarm node 3.x is totally incompatible with Wallarm node of version 2.18 and lower. Before updating the modules up to 3.2, please carefully review the list of Wallarm node changes and consider a possible configuration change.
  • We recommend to update both the regular (client) and partner nodes of version 3.0 or lower up to version 3.2. This release enables IP greylists and other new features and stabilizes Wallarm node operation.

Requirements

  • Access to the account with the Deploy or Administrator role and two‑factor authentication disabled in Wallarm Console in the EU Cloud or US Cloud

  • Access to https://api.wallarm.com:444 if working with EU Wallarm Cloud or to https://us1.api.wallarm.com:444 if working with US Wallarm Cloud. Please ensure the access is not blocked by a firewall

Step 1: Inform Wallarm technical support that you are updating filtering node modules

If updating Wallarm node 2.18 or lower, please inform Wallarm technical support that you are updating filtering node modules up to 3.2 and ask to enable new IP lists logic for your Wallarm account. When new IP lists logic is enabled, please open the Wallarm Console and ensure that the section IP lists is available.

Step 2: Adjust Wallarm node filtration mode settings to changes released in version 3.2

  1. Ensure that the expected behavior of settings listed below corresponds to the changed logic of the off and monitoring filtration modes:

  2. If the expected behavior does not correspond to the changed filtration mode logic, please adjust the filtration mode settings to released changes using the instructions.

Step 3: Download the updated filtering node image

docker pull wallarm/node:3.2.1-1
docker pull wallarm/envoy:3.2.0-2

Step 4: Stop the running container

docker stop <RUNNING_CONTAINER_NAME>

Step 5: Run the container using the updated image

  1. If updating Wallarm node 2.18 or lower, migrate whitelist and blacklist configuration from previous Wallarm node version to 3.2 following the instructions.

  2. Run the container using the updated image. You can pass the same configuration parameters that were passed when running a previous image version except for the WALLARM_ACL_ENABLE variable.

    There are two options for running the container using the updated image:

Step 6: Test the filtering node operation

  1. Send the request with test SQLI and XSS attacks to the protected resource address:

    curl http://localhost/?id='or+1=1--a-<script>prompt(1)</script>'
    
  2. Open the Wallarm Console → Events section in the EU Cloud or US Cloud and ensure attacks are displayed in the list.

    Attacks in the interface

Step 7: Delete the filtering node of the previous version

If the deployed image of the version 3.2 operates correctly, you can delete the filtering node of the previous version in the Wallarm Console → Nodes section.