Deploying Web Application Firewall in Docker

Overview
You can deploy Web Application Firewall as a Docker container. Docker is a software application that enables you to run other software applications, such as Web Application Firewall, in a self-contained environment called a container. This type of isolation ensures that applications operate smoothly by avoiding conflicts or interference from each other while sharing the same physical resources.

Note: The Docker Engine required for this deployment method uses Linux and the shell environment. A basic level of Linux command line experience is required.

Networking and containers
Docker maintains isolation between containers at the network layer by implementing a virtual private network within the host system. The virtual private network is set up and managed by the Docker application. The only configuration required by the administrator is to specify which ports to redirect to the container. For more details on networking with Docker containers, see Container Networking. The illustration below shows how a client request is processed through the host system and the WAF container to the upstream web application server.

[Illustration: waf-docker-schema.png]

Getting Started
Running WAF as a Docker container in a production environment requires the Docker Engine, which is compatible with most Linux distributions. You can deploy WAF as a container directly on your Web Application Server or on a separate dedicated system, for example on an Amazon EC2 instance. Before deploying WAF as a container, decide where you want to install it.

Docker Installation
Before installing the Docker engine, make sure your host system is supported. Refer to the Docker supported platforms for the current list. Each supported Linux distribution includes a dedicated installation guide. For example, see Install Docker Engine on Ubuntu for Ubuntu Linux.

Download the WAF container
After confirming the Docker engine is installed on your system, you can download the WAF container. Docker uses the pull command to download a container image from an external registry to your host system. Use the following command from your Docker host system to pull the WAF container image from the Docker Hub registry:

sudo docker pull untangleinc/untangle-waf

Run the WAF container
Docker uses the run command to set up and then start a container. The run command accepts parameters to ensure that the container has a proper running environment. Some parameters require a value while others are simply a directive with no associated value. To run the WAF container, use the following command:

sudo docker run -d -p 80:80 -p 443:443 -v conf:/usr/share/untangle --restart unless-stopped --name "untangle-waf" untangleinc/untangle-waf

The following table describes each parameter:

| Parameter | Value | Description |
|---|---|---|
| -d | | Run the container in the background so that you can exit your shell environment and keep the container running. |
| -p | 80:80 | The ports to redirect to your container. For WAF, these should include the ports you wish to forward to your upstream Web Application Server. Each port requires an individual designation, for example “-p 80:80 -p 443:443”. Each designation lists two ports separated by a colon: the listen port and the redirect port. |
| -v | conf:/usr/share/untangle | The storage volume location. This parameter allocates a persistent storage volume for the WAF container. |
| --restart | unless-stopped | The restart directive with value unless-stopped instructs Docker to start the WAF container automatically except when the container is manually stopped. See Start containers automatically. |
| --name | untangle-waf | The name of your container. This is useful when you need to perform actions such as stopping or starting your container and you prefer to reference the container using a friendly label. |
| | untangleinc/untangle-waf | The location of the WAF on Docker Hub. |
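
To confirm that a running container still matches the parameters in the table, the settings can be read back with docker inspect and compared. This is an added example, not part of the original article or the vendor's tooling; the function names waf_settings and audit_waf, the "key value" line format, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the WAF container against the documented run parameters.
NAME="untangle-waf"   # container name from the run command

# Constructed sample of what waf_settings prints for a correct deployment.
SAMPLE='restart unless-stopped
running true
port 443:443/tcp
port 80:80/tcp
mount conf:/usr/share/untangle'

# Query the Docker Engine and print one "key value" line per setting.
waf_settings() {
    docker inspect --format 'restart {{.HostConfig.RestartPolicy.Name}}
running {{.State.Running}}
{{range $p, $b := .HostConfig.PortBindings}}port {{(index $b 0).HostPort}}:{{$p}}
{{end}}{{range .Mounts}}mount {{.Name}}:{{.Destination}}
{{end}}' "$NAME"
}

# Read settings on stdin; report each deviation and return 1 if any is found.
audit_waf() {
    settings=$(cat)
    rc=0
    for want in "running true" "restart unless-stopped" "port 80:80/tcp" \
                "port 443:443/tcp" "mount conf:/usr/share/untangle"; do
        if ! printf '%s\n' "$settings" | grep -qxF "$want"; then
            echo "MISSING: $want"
            rc=1
        fi
    done
    # Any other published port widens the host's exposure beyond the WAF listeners.
    extra=$(printf '%s\n' "$settings" | grep '^port ' |
            grep -vxF -e "port 80:80/tcp" -e "port 443:443/tcp" || true)
    if [ -n "$extra" ]; then
        echo "UNEXPECTED: $extra"
        rc=1
    fi
    return "$rc"
}

# "live" audits the real container; otherwise the constructed sample is checked.
if [ "${1:-}" = "live" ]; then
    waf_settings | audit_waf
else
    printf '%s\n' "$SAMPLE" | audit_waf && echo "sample OK"
fi
```

Run the script with the argument live on the Docker host to audit the real container; a non-zero exit status means the deployment has drifted from the documented settings.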

Manage the WAF container
Once your container is running, you may need to perform actions on your container for maintenance or administration purposes. For a complete list, refer to the Docker CLI reference. The table below provides a description of common Docker commands.

| Command | Description |
|---|---|
| docker container list | List running containers |
| docker exec -it untangle-waf bash | Enter the shell of your WAF container |
| docker stop untangle-waf | Stop your WAF container |
| docker start untangle-waf | Start your WAF container |
| docker rm untangle-waf | Remove your WAF container |
| docker logs untangle-waf | Show the container logs. Useful for troubleshooting. |

Next steps
Once your WAF container is running, you are ready to begin setting up your appliance to protect your Web Application Servers. See Setting up Web Application Firewall for details.
