Skip to content

Updating Linux WAF packages

These instructions describe the steps to update Linux WAF packages to version 2.18. Linux WAF packages are packages installed in accordance with one of the following instructions:

Update procedure

  • If WAF node and postanalytics modules are installed on the same server, then follow the instrutions below to update all packages.

  • If WAF node and postanalytics modules are installed on different servers, then first update the postanalytics module following these instructions and perform the steps below for WAF node modules.

Step 1: Add new Wallarm WAF repository

Delete the previous Wallarm WAF repository address and add a repository with a new WAF node version package. Please use the commands for the appropriate platform.

CentOS and Amazon Linux 2

sudo yum remove wallarm-node-repo
sudo rpm -i https://repo.wallarm.com/centos/wallarm-node/7/2.18/x86_64/Packages/wallarm-node-repo-1-5.el7.noarch.rpm

sudo yum remove wallarm-node-repo
sudo rpm -i https://repo.wallarm.com/centos/wallarm-node/8/2.18/x86_64/Packages/wallarm-node-repo-1-5.el8.noarch.rpm

Debian and Ubuntu

  1. Open the file with the Wallarm WAF repository address in the installed text editor. In these instructions, vim is used.

    sudo vim /etc/apt/sources.list.d/wallarm.list

  2. Comment out or delete the previous repository address.

  3. Add a new repository address:

    deb http://repo.wallarm.com/debian/wallarm-node stretch/2.18/

    deb http://repo.wallarm.com/debian/wallarm-node stretch/2.18/
deb http://repo.wallarm.com/debian/wallarm-node stretch-backports/2.18/

    deb http://repo.wallarm.com/debian/wallarm-node buster/2.18/

    deb http://repo.wallarm.com/ubuntu/wallarm-node xenial/2.18/

    deb http://repo.wallarm.com/ubuntu/wallarm-node bionic/2.18/

Step 2: Update Wallarm WAF packages

WAF node and postanalytics on the same server

sudo apt update
sudo apt dist-upgrade

sudo apt update
sudo apt dist-upgrade

sudo yum update

WAF node and postanalytics on different servers

Sequence of steps to update the WAF node and postanalytics modules

If the WAF node and postanalytics modules are installed on different servers, then it is required to update the postanalytics packages before updating the WAF node packages.

  1. Update postanalytics packages following these instructions.

  2. Update WAF node packages:

    sudo apt update
sudo apt dist-upgrade

    sudo apt update
sudo apt dist-upgrade

    sudo yum update

Step 3: Restart NGINX

sudo systemctl restart nginx

sudo service nginx restart

sudo systemctl restart nginx

Step 4: Test Wallarm WAF operation

  1. Get the WAF node statistics:

    curl http://127.0.0.8/wallarm-status

    The request will return statistics about analyzed requests. The response format is provided below. A more detailed description of parameters is available by the link.

    { "requests":0,"attacks":0,"blocked":0,"abnormal":0,"tnt_errors":0,"api_errors":0,
"requests_lost":0,"segfaults":0,"memfaults":0,"softmemfaults":0,"time_detect":0,"db_id":46,
"lom_id":16767,"proton_instances": { "total":1,"success":1,"fallback":0,"failed":0 },
"stalled_workers_count":0,"stalled_workers":[] }

  2. Send the request with test SQLI and XSS attacks to the application address:

    curl http://localhost/?id='or+1=1--a-<script>prompt(1)</script>'

    If the WAF node mode is block, then the request will be blocked with the response 403 Forbidden returned.

  3. Send the request to wallarm-status and ensure the values of parameters requests and attacks increased:

    curl http://127.0.0.8/wallarm-status

  4. Open the Wallarm Console → Events section in the EU Cloud or US Cloud and ensure attacks are displayed in the list.

    Attacks in the interface

Settings customization

Wallarm WAF modules are updated to version 2.18. Previous WAF node settings will be applied to the new version automatically. To make additional settings, use the available directives.

Common customization options: