What is new in Wallarm node 3.2

We have released Wallarm node 3.x, which is completely incompatible with Wallarm node 2.18 and lower. Before updating the modules to 3.x, carefully review the list of changes and the general recommendations.

  • Regular (client) and partner Wallarm nodes of version 2.18 and lower. Changes available in Wallarm node 3.x simplify the node configuration and improve traffic filtration.

  • Regular (client) Wallarm node of version 3.0. Changes available in Wallarm node 3.2 enable new features for controlling access to applications by IP address and simplify the logic of some filtration modes.

Changes available when updating Wallarm node of version 2.18 and lower

The listed changes are available for both the regular (client) and partner Wallarm node 3.2.

Changes in supported installation platforms

  • Dropped support for the operating system Ubuntu 16.04 LTS (xenial)

See the full list of supported platforms →

Changes in supported filtering node configuration parameters

Changes in system requirements for the filtering node installation

Starting with version 3.x, the filtering node supports IP address whitelists, blacklists, and greylists. The Wallarm Console allows adding both single IPs and countries or data centers to any IP list type.

The Wallarm node downloads the current list of IP addresses registered in whitelisted, blacklisted, or greylisted countries or data centers from GCP storage. By default, access to this storage can be restricted in your system. Allowing access to GCP storage is a new requirement for the virtual machine on which the filtering node is installed.

Range of GCP IP addresses that should be allowed →

Changes in filtration mode logic

Starting with version 3.2, the logic of Wallarm node filtration modes has been changed as follows:

  • The Wallarm node now analyzes the request source only in the safe_blocking and block modes.

  • If the Wallarm node operating in the off or monitoring mode detects a request originating from a blacklisted IP, it does not block this request.

More details on Wallarm node 3.2 modes →

New features

Changes available when updating Wallarm node of version 3.0

Breaking change

Starting with version 3.2, the logic of Wallarm node filtration modes has been changed as follows:

  • The Wallarm node now analyzes the request source only in the safe_blocking and block modes.

  • If the Wallarm node operating in the off or monitoring mode detects a request originating from a blacklisted IP, it does not block this request.

  • If the Wallarm node operating in the monitoring mode detects an attack originating from a whitelisted IP, it uploads the attack data to the Wallarm Cloud. The uploaded data is displayed in the Events section of the Wallarm Console.

Details on Wallarm node 3.2 modes →
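
An upgrade audit for the mode change above, as an added example that is not part of the Wallarm documentation: it scans NGINX configuration text for mode directives and reports the contexts where the request source is not analyzed, so blacklisted IPs are not blocked there. It assumes an NGINX-based node whose mode is set with the `wallarm_mode` directive (a name not given on this page); the sample configuration and the function names are constructed for illustration.

```python
import re

# Modes named on the page. Since node 3.2 the request source (IP lists) is
# analyzed only in safe_blocking and block.
SOURCE_ANALYZED = {"safe_blocking", "block"}
SOURCE_IGNORED = {"off", "monitoring"}

# Assumption: the mode is set with the NGINX directive `wallarm_mode`.
# The lookbehind and the mandatory whitespace keep longer directive names
# (for example wallarm_mode_allow_override) from matching.
DIRECTIVE = re.compile(r"(?<![\w$])wallarm_mode\s+([^\s;{}]+)\s*;")

# Constructed sample configuration, not taken from the Wallarm documentation.
SAMPLE_CONF = """\
# constructed sample
http {
    wallarm_mode monitoring;
    server {
        listen 80;
        # wallarm_mode block;  (commented out, must be ignored)
        location /api/ { wallarm_mode safe_blocking; }
        location /static/ {
            wallarm_mode off;
        }
        wallarm_mode_allow_override on;
    }
}
"""

def audit_modes(conf_text):
    """Return (line_no, mode, status) for every wallarm_mode directive."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop NGINX comments
        for match in DIRECTIVE.finditer(line):
            mode = match.group(1)
            if mode in SOURCE_ANALYZED:
                status = "source-analyzed"
            elif mode in SOURCE_IGNORED:
                status = "blacklist-not-enforced"
            else:
                status = "needs-review"  # variable or unrecognized value
            findings.append((line_no, mode, status))
    return findings

def not_enforced(conf_text):
    """Line numbers where a blacklisted IP would not be blocked after 3.2."""
    return [n for n, _, s in audit_modes(conf_text) if s == "blacklist-not-enforced"]

if __name__ == "__main__":
    for line_no, mode, status in audit_modes(SAMPLE_CONF):
        print(f"line {line_no}: wallarm_mode {mode} -> {status}")
```

Only directives present in the text passed in are inspected, so included files have to be concatenated before the audit.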

New features

  • Ability to whitelist, blacklist, or greylist request sources for specific applications.

    Details on adding IPs to the whitelist, blacklist, and greylist →

  • The number of requests originating from blacklisted IPs is now displayed in the statistics service output: in the new parameter blocked_by_acl and in the existing parameters requests and blocked.

    Details on the statistic service →

  • The libdetection library is now supported in the Envoy-based Wallarm node. This library additionally validates SQL Injection attacks to confirm detected malicious payloads. If the payload is not confirmed by the libdetection library, the request is considered legitimate. Using this library helps reduce the number of false positives among SQL Injection attacks.

    By default, the libdetection library is disabled. To improve attack detection, we recommend enabling it.

    Details on the libdetection library →

Update process

  1. Review recommendations for the modules update.

  2. Update installed modules following the instructions for your Wallarm node deployment option:

  3. If updating Wallarm node 2.18 or lower to version 3.2, migrate the whitelist and blacklist configuration from the previous Wallarm node version to 3.2.


Other updates in Wallarm products and components →