Skip to content

Upgrading the Docker NGINX- or Envoy-based image

These instructions describe the steps to upgrade the running Docker NGINX- or Envoy-based image 4.x to the version 4.6.

Using credentials of already existing Wallarm node

We do not recommend using the already existing Wallarm node of the previous version. Please follow these instructions to create a new filtering node of the version 4.6 and deploy it as the Docker container.

To upgrade the end‑of‑life node (3.6 or lower), please use the different instructions.


  • Docker installed on your host system

  • Access to to download the Docker image. Please ensure the access is not blocked by a firewall

  • Access to the account with the Administrator role in Wallarm Console in the US Cloud or EU Cloud

  • Access to if working with US Wallarm Cloud or to if working with EU Wallarm Cloud. Please ensure the access is not blocked by a firewall

  • Access to the IP addresses of Google Cloud Storage listed within the link. When you allowlist, denylist, or graylist entire countries, regions, or data centers instead of individual IP addresses, the Wallarm node retrieves precise IP addresses related to the entries in the IP lists from the aggregated database hosted on Google Storage.

Step 1: Download the updated filtering node image

docker pull wallarm/node:4.6.2-1
docker pull wallarm/envoy:4.6.2-1

Step 2: Update the Wallarm blocking page (if upgrading NGINX-based image)

In new node version, the Wallarm sample blocking page has been changed. The logo and support email on the page are now empty by default.

If the Docker container was configured to return the &/usr/share/nginx/html/wallarm_blocked.html page to blocked requests, change this configuration as follows:

  1. Copy and customize the new version of a sample page.

  2. Mount the customized page and the NGINX configuration file to a new Docker container in the next step.

Step 3: Stop the running container


Step 4: Run the container using the new image

  1. Proceed to Wallarm Console → Nodes and create Wallarm node.

    Creation of a Wallarm node

  2. Copy the generated token.

  3. Run the updated image using the copied token. You can pass the same configuration parameters that were passed when running a previous image version (except for the node token).

    There are two options for running the container using the updated image:

Step 5: Test the filtering node operation

  1. Send the request with test Path Traversal attack to a protected resource address:

    curl http://localhost/etc/passwd
  2. Open Wallarm Console → Events section in the US Cloud or EU Cloud and make sure the attack is displayed in the list.
    Attacks in the interface

Step 6: Delete the filtering node of the previous version

If the deployed image of the version 4.6 operates correctly, you can delete the filtering node of the previous version in Wallarm Console → Nodes.