Skip to content

Updating Linux node packages

These instructions describe the steps to update Linux node packages to version 3.4. Linux node packages are packages installed in accordance with one of the following instructions:

Breaking changes and recommendations for different node type upgrade

  • If upgrading Wallarm node 2.18 or lower, please note that version 3.x contains breaking changes. Before upgrading the modules of 2.18 and lower up to 3.4, please carefully review the list of Wallarm node changes and consider a possible configuration change.
  • We recommend to upgrade both the regular (client) and partner nodes of version 3.2 or lower up to version 3.4. It allows to stay up to date with Wallarm releases and prevent installed module deprecation.

Update procedure

  • If filtering node and postanalytics modules are installed on the same server, then follow the instrutions below to update all packages.

  • If filtering node and postanalytics modules are installed on different servers, then first update the postanalytics module following these instructions and perform the steps below for filtering node modules.

Step 1: Inform Wallarm technical support that you are updating filtering node modules

If updating Wallarm node 2.18 or lower, please inform Wallarm technical support that you are updating filtering node modules up to 3.4 and ask to enable new IP lists logic for your Wallarm account. When new IP lists logic is enabled, please open the Wallarm Console and ensure that the section IP lists is available.

Step 2: Update NGINX to the latest stable version

Update NGINX / NGINX Plus to the latest stable release from the official NGINX repository.

If your infrastructure needs to use a specific version of NGINX, please contact the Wallarm technical support to build the API Security module for a custom version of NGINX.

Step 3: Add new Wallarm repository

Delete the previous Wallarm repository address and add a repository with a new Wallarm node version package. Please use the commands for the appropriate platform.

CentOS and Amazon Linux 2

sudo yum remove wallarm-node-repo
sudo rpm -i https://repo.wallarm.com/centos/wallarm-node/6/3.4/x86_64/Packages/wallarm-node-repo-1-6.el6.noarch.rpm
sudo yum remove wallarm-node-repo
sudo rpm -i https://repo.wallarm.com/centos/wallarm-node/7/3.4/x86_64/Packages/wallarm-node-repo-1-6.el7.noarch.rpm
sudo yum remove wallarm-node-repo
sudo rpm -i https://repo.wallarm.com/centos/wallarm-node/8/3.4/x86_64/Packages/wallarm-node-repo-1-6.el8.noarch.rpm

Debian and Ubuntu

  1. Open the file with the Wallarm repository address in the installed text editor. In these instructions, vim is used.

    sudo vim /etc/apt/sources.list.d/wallarm.list
    
  2. Comment out or delete the previous repository address.

  3. Add a new repository address:

    deb http://repo.wallarm.com/debian/wallarm-node stretch/3.4/
    
    deb http://repo.wallarm.com/debian/wallarm-node stretch/3.4/
    deb http://repo.wallarm.com/debian/wallarm-node stretch-backports/3.4/
    
    deb http://repo.wallarm.com/debian/wallarm-node buster/3.4/
    
    deb http://repo.wallarm.com/ubuntu/wallarm-node bionic/3.4/
    
    deb http://repo.wallarm.com/ubuntu/wallarm-node focal/3.4/
    

Step 4: Migrate whitelists and blacklists from previous Wallarm node version to 3.4

If updating Wallarm node 2.18 or lower, migrate whitelist and blacklist configuration from previous Wallarm node version to 3.4 following the instructions.

Step 5: Update Wallarm API Security packages

Filtering node and postanalytics on the same server

  1. Execute the following command to upgrade the filtering node and postanalytics modules:

    sudo apt update
    sudo apt dist-upgrade
    
    sudo apt update
    sudo apt dist-upgrade
    
    sudo yum update
    
  2. If the package manager asks for confirmation to rewrite the content of the configuration file /etc/cron.d/wallarm-node-nginx:

    1. Ensure that the IP lists migration is completed.
    2. Confirm the file rewrite by using the option Y.

      The package manager would ask for the rewrite confirmation if the file /etc/cron.d/wallarm-node-nginx had been changed in the previous Wallarm node versions. Since IP list logic was changed in Wallarm node 3.x, the /etc/cron.d/wallarm-node-nginx content was updated accordingly. For the IP address blacklist to operate correctly, the Wallarm node 3.x should use the updated configuration file.

      By default, the package manager uses the option N but the option Y is required for the correct IP address blacklist operation in Wallarm node 3.x.

Filtering node and postanalytics on different servers

Sequence of steps to update the filtering node and postanalytics modules

If the filtering node and postanalytics modules are installed on different servers, then it is required to update the postanalytics packages before updating the filtering node packages.

  1. Update postanalytics packages following these instructions.

  2. Update Wallarm node packages:

    sudo apt update
    sudo apt dist-upgrade
    
    sudo apt update
    sudo apt dist-upgrade
    
    sudo yum update
    
  3. If the package manager asks for confirmation to rewrite the content of the configuration file /etc/cron.d/wallarm-node-nginx:

    1. Ensure that the IP lists migration is completed.
    2. Confirm the file rewrite by using the option Y.

      The package manager would ask for the rewrite confirmation if the file /etc/cron.d/wallarm-node-nginx had been changed in the previous Wallarm node versions. Since IP list logic was changed in Wallarm node 3.x, the /etc/cron.d/wallarm-node-nginx content was updated accordingly. For the IP address blacklist to operate correctly, the Wallarm node 3.x should use the updated configuration file.

      By default, the package manager uses the option N but the option Y is required for the correct IP address blacklist operation in Wallarm node 3.x.

Step 6: Adjust Wallarm node filtration mode settings to changes released in version 3.2

If upgrading Wallarm node 3.0 or lower:

  1. Ensure that the expected behavior of settings listed below corresponds to the changed logic of the off and monitoring filtration modes:

  2. If the expected behavior does not correspond to the changed filtration mode logic, please adjust the filtration mode settings to released changes using the instructions.

Step 7: Restart NGINX

sudo systemctl restart nginx
sudo service nginx restart
sudo systemctl restart nginx

Step 8: Test Wallarm node operation

  1. Send the request with test SQLI and XSS attacks to the application address:

    curl http://localhost/?id='or+1=1--a-<script>prompt(1)</script>'
    
  2. Open the Wallarm Console → Events section in the EU Cloud or US Cloud and ensure attacks are displayed in the list.

    Attacks in the interface

Settings customization

Wallarm API Security modules are updated to version 3.4. Previous filtering node settings will be applied to the new version automatically. To make additional settings, use the available directives.

Common customization options: