
Updating Linux WAF packages

These instructions describe how to update Linux WAF packages, installed according to the instructions below, to version 2.14.

Update procedure

  • If the WAF node and postanalytics modules are installed on the same server, follow the instructions below to update all packages.

  • If the WAF node and postanalytics modules are installed on different servers, first update the postanalytics module following these instructions and then perform the steps below for the WAF node modules.

Step 1: Add new Wallarm WAF repositories

  1. Open the file containing the Wallarm WAF repository address in a text editor. These instructions use vim.

    apt-based systems (Debian, Ubuntu):

    sudo vim /etc/apt/sources.list.d/wallarm.list

    yum-based systems (CentOS):

    sudo vim /etc/yum.repos.d/wallarm-node.repo
    
  2. Comment out the previous repository address and add an address for Wallarm WAF 2.14:

    # deb http://repo.wallarm.com/debian/wallarm-node jessie/
    # deb http://repo.wallarm.com/debian/wallarm-node jessie-backports/
    deb http://repo.wallarm.com/debian/wallarm-node jessie/2.14/
    deb http://repo.wallarm.com/debian/wallarm-node jessie-backports/2.14/
    
    # deb http://repo.wallarm.com/debian/wallarm-node stretch/
    deb http://repo.wallarm.com/debian/wallarm-node stretch/2.14/
    
    # deb http://repo.wallarm.com/debian/wallarm-node stretch/
    # deb http://repo.wallarm.com/debian/wallarm-node stretch-backports/
    deb http://repo.wallarm.com/debian/wallarm-node stretch/2.14/
    deb http://repo.wallarm.com/debian/wallarm-node stretch-backports/2.14/
    
    # deb http://repo.wallarm.com/ubuntu/wallarm-node xenial/
    deb http://repo.wallarm.com/ubuntu/wallarm-node xenial/2.14/
    
    # deb http://repo.wallarm.com/ubuntu/wallarm-node bionic/
    deb http://repo.wallarm.com/ubuntu/wallarm-node bionic/2.14/
    
    [wallarm-node]
    # baseurl=http://repo.wallarm.com/centos/wallarm-node/6/$basearch
    baseurl=http://repo.wallarm.com/centos/wallarm-node/6/2.14/$basearch
    
    [wallarm-node]
    # baseurl=http://repo.wallarm.com/centos/wallarm-node/7/$basearch
    baseurl=http://repo.wallarm.com/centos/wallarm-node/7/2.14/$basearch
    
  3. Fetch the package data from the newly added repository:

    apt-based systems (Debian, Ubuntu):

    sudo apt update

    yum-based systems (CentOS):

    sudo yum update
    

Step 2: Update Wallarm WAF packages

WAF node and postanalytics on the same server

    apt-based systems (Debian, Ubuntu):

    sudo apt install wallarm-node --no-install-recommends

    yum-based systems (CentOS):

    sudo yum update wallarm-node

WAF node and postanalytics on different servers

  1. Update postanalytics packages following these instructions.

  2. Update WAF node packages:

    apt-based systems (Debian, Ubuntu):

    sudo apt install wallarm-node-nginx --no-install-recommends

    yum-based systems (CentOS):

    sudo yum update wallarm-node-nginx
    

Step 3: Restart NGINX

    On systems with systemd:

    sudo systemctl restart nginx

    On systems that use the service command:

    sudo service nginx restart

Step 4: Test Wallarm WAF operation

  1. Get the WAF node statistics:

    curl http://127.0.0.8/wallarm-status
    

    The request returns statistics about analyzed requests. The response format is shown below; a more detailed description of the parameters is available by the link.

    { "requests":0,"attacks":0,"blocked":0,"abnormal":0,"tnt_errors":0,"api_errors":0,
    "requests_lost":0,"segfaults":0,"memfaults":0,"softmemfaults":0,"time_detect":0,"db_id":46,
    "lom_id":16767,"proton_instances": { "total":1,"success":1,"fallback":0,"failed":0 },
    "stalled_workers_count":0,"stalled_workers":[] }
    

  2. Send a request with test SQLi and XSS attacks to the application address:

    curl http://localhost/?id='or+1=1--a-<script>prompt(1)</script>'
    

    The WAF node will block the request and return the code 403 Forbidden in the response.

  3. Send a request to wallarm-status again and ensure that the values of the requests and attacks parameters have increased:

    curl http://127.0.0.8/wallarm-status
    
  4. Open Wallarm Console → Events section in the EU Cloud or US Cloud and ensure attacks are displayed in the list.

    Attacks in the interface
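
The Step 4 check as a script (an added example, not part of the Wallarm documentation): it compares the requests and attacks counters of two wallarm-status snapshots and, when run with the hypothetical `--live` argument, sends the page's own test request and expects 403. The function names and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Wallarm tooling. URLs below are the ones used on this page.
STATUS_URL="http://127.0.0.8/wallarm-status"
APP_URL="http://localhost/"

# Constructed sample snapshots (shortened) for an offline dry run.
SAMPLE_BEFORE='{ "requests":12,"attacks":3,"blocked":3,"requests_lost":0 }'
SAMPLE_AFTER='{ "requests":13,"attacks":4,"blocked":4,"requests_lost":0 }'

# Print the integer value of one counter; return 1 if it is absent.
status_field() {   # $1 = status JSON, $2 = counter name
    val=$(printf '%s' "$1" | tr -d ' \n' |
        sed -n "s/.*\"$2\":\([0-9][0-9]*\).*/\1/p")
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# 0 = requests and attacks both grew, 1 = a counter did not grow,
# 2 = a snapshot could not be parsed.
counters_increased() {   # $1 = JSON before, $2 = JSON after
    for f in requests attacks; do
        b=$(status_field "$1" "$f") || return 2
        a=$(status_field "$2" "$f") || return 2
        [ "$a" -gt "$b" ] || return 1
    done
    return 0
}

# Runs the three requests from Step 4 against the local node.
live_check() {
    before=$(curl -s "$STATUS_URL") || return 2
    code=$(curl -s -o /dev/null -w '%{http_code}' \
        "${APP_URL}?id=or+1=1--a-<script>prompt(1)</script>") || return 2
    after=$(curl -s "$STATUS_URL") || return 2
    [ "$code" = "403" ] || { echo "expected 403, got $code" >&2; return 1; }
    counters_increased "$before" "$after" ||
        { echo "requests/attacks counters did not increase" >&2; return 1; }
    echo "test request blocked and counted"
}

if [ "${1:-}" = "--live" ]; then
    live_check
else
    counters_increased "$SAMPLE_BEFORE" "$SAMPLE_AFTER" && echo "dry run ok"
fi
```

A non-zero exit from the live run means either the test request was not answered with 403 or the counters did not move, which is the same condition steps 2 and 3 ask you to check by eye.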

Settings customization

Wallarm WAF modules are updated to version 2.14. Previous WAF node settings will be automatically applied to the new version. To make additional settings, use the available directives.

Common customization options: