FAST proxy deployment

This chapter will guide you through the process of installation and initial configuration of the FAST proxy. Upon completion of all necessary steps, you will have an operating FAST proxy node. It will be listening on localhost:8080, ready to proxy HTTP and HTTPS requests to the Google Gruyere application. The proxy will be installed on your machine along with the Mozilla Firefox browser.

This guide suggests that you use the Mozilla Firefox browser. However, you can use any browser of your choice, provided that you have configured it to send all HTTP and HTTPS traffic to the FAST proxy node.

FAST proxy deployment scheme in use

To install and configure the FAST proxy, do the following:

  1. Install the Docker software
  2. Obtain a token that will be used to connect your FAST proxy node to the Wallarm cloud
  3. Prepare a file containing the necessary environment variables
  4. Deploy the FAST proxy Docker container
  5. Configure the browser to work with the proxy
  6. Install SSL certificates

1. Install the Docker software

Set up the Docker software on your machine. See the official Docker installation guide for more information.

It is suggested that you use the Docker Community Edition (CE). However, any Docker edition can be used.

2. Obtain a token that will be used to connect your FAST proxy node to the Wallarm cloud

  1. Get a FAST 30-day trial license. To do this, navigate to this link and create an account. The license will be automatically tied to the account.

  2. Log in to the My Wallarm portal using the account you created in the previous step.

  3. Select the “Nodes” tab, then select the Create new node button.

    Creation of a new node

  4. A dialog window will appear. Give a meaningful name to the proxy node and select the Create button. The guide suggests that you use the name DEMO NODE.

  5. Copy the provided token and select the OK button:

    Retrieving the token

    Your token will differ from the token demonstrated in the picture.

    It is possible to retrieve the token via a Wallarm API call as well. However, that is beyond the scope of this document.

3. Prepare a file containing the necessary environment variables

It is required that you set up several environment variables in order to get FAST proxy working.

In order to do that, create a text file and add the following text to it:

WALLARM_API_TOKEN=<the token value you obtained in step 2>

You have set the environment variables. Their purposes are as follows:

  • WALLARM_API_TOKEN — sets the token value that is used to connect the proxy node to the Wallarm cloud;
  • ALLOWED_HOSTS — limits the scope of requests from which security tests are generated. Security tests will be generated only from the requests to the domain where the target application resides.

Setting the fully qualified domain name is not necessary. You could use a substring (e. g. google-gruyere or

4. Deploy the FAST proxy Docker container

To do this, execute the following command:

docker run --name <name> --env-file=<environment variables file created on the previous step> -p <target port>:8080 wallarm/fast

You should provide several arguments to the command:

  • --name <name>

    Specifies the name of the Docker container.

    It should be unique among all existing containers' names.

  • --env-file=<environment variables file created in the previous step>

    Specifies a file containing all the environment variables to export into the container.

    You should specify a path to the file you created in the previous step.

  • -p <target port>:8080

    Specifies a port of the Docker host to which the container’s 8080 port should be mapped. None of the container ports are available to the Docker host by default.

    To grant access to a certain container’s port from the Docker host, you should publish the container’s internal port to the external port by employing the -p argument.

    You can also publish the container’s port on a non-loopback IP address of the host by providing the -p <host IP>:<target port>:8080 argument, which makes the proxy accessible from outside the Docker host as well.

Example of a docker run command:

The execution of the following command will run a container named fast-proxy employing the environment variables file /home/user/fast.cfg and publish its port to localhost:8080:

  docker run --name fast-proxy --env-file=/home/user/fast.cfg -p 8080:8080 wallarm/fast

If the container deployment is successful, you will be presented with a console output like this:

FAST proxy is up and running

Now you should have the ready-to-work FAST proxy node connected to the Wallarm cloud. The proxy is listening to the incoming HTTP and HTTPS requests on localhost:8080, recognizing the requests to the domain as baseline ones.
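Steps 3 and 4 can be scripted so that the token file is readable only by its owner and the proxy port is bound to the loopback interface. The script below is an added example, not part of the original guide or of Wallarm's tooling; the function names and the DOCKER override are hypothetical. It pins 127.0.0.1 explicitly because Docker publishes a bare -p <target port>:8080 mapping on all host interfaces unless a host IP is given.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; WALLARM_API_TOKEN, ALLOWED_HOSTS,
# the wallarm/fast image and container port 8080 come from the guide.

# Step 3: write the environment file readable by the current user only.
write_fast_env() {   # usage: write_fast_env <file> <token> <allowed-hosts>
    env_file=$1 token=$2 hosts=$3
    [ -n "$token" ] && [ -n "$hosts" ] || { echo "token and hosts required" >&2; return 1; }
    # Reject whitespace: a stray newline would inject an extra KEY=value line.
    case "$token$hosts" in
        *[[:space:]]*) echo "values must not contain whitespace" >&2; return 1 ;;
    esac
    ( umask 077   # a newly created file gets mode 0600
      printf 'WALLARM_API_TOKEN=%s\nALLOWED_HOSTS=%s\n' "$token" "$hosts" > "$env_file"
    ) && chmod 600 "$env_file"   # also tightens a file that already existed
}

# Refuse an environment file that is incomplete or readable by group/others.
check_fast_env() {   # usage: check_fast_env <file>
    [ -f "$1" ] || { echo "$1: not found" >&2; return 1; }
    grep -q '^WALLARM_API_TOKEN=.' "$1" || { echo "$1: token not set" >&2; return 1; }
    grep -q '^ALLOWED_HOSTS=.' "$1" || { echo "$1: ALLOWED_HOSTS not set" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || { echo "$1: run chmod 600" >&2; return 1; }
}

# Step 4: start the container with the proxy published on loopback only.
# DOCKER can be overridden (e.g. DOCKER=echo) to preview the command.
start_fast_proxy() {   # usage: start_fast_proxy <name> <env-file> <host-port>
    check_fast_env "$2" || return 1
    "${DOCKER:-docker}" run --name "$1" --env-file="$2" -p "127.0.0.1:$3:8080" wallarm/fast
}

# Typical use (token value is a placeholder):
#   write_fast_env "$HOME/fast.cfg" '<token from step 2>' google-gruyere
#   start_fast_proxy fast-proxy "$HOME/fast.cfg" 8080
```
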

5. Configure the browser to work with the proxy

Configure the browser to send all HTTP and HTTPS requests through the FAST proxy node.

To set up proxying in the Mozilla Firefox browser, do the following:

  1. Open the browser. Select “Options” in the menu. Select the “General” tab and scroll down to the “Network Proxy” section. Select the Settings button.

    Mozilla Firefox options

  2. The “Connection Settings” window should open up. Select the Manual proxy configuration option. Configure the proxy by entering the following values:

    • localhost as HTTP proxy address and 8080 as HTTP proxy port.
    • localhost as SSL proxy address and 8080 as SSL proxy port.

    Select the OK button to apply the changes you have made.

    Mozilla Firefox proxy settings

6. Install SSL certificates

While working with the Google Gruyere application via HTTPS, you might encounter the following browser message regarding an untrusted certificate:

“Insecure connection” message

You should add a self-signed FAST proxy SSL certificate to be able to interact with the web application via HTTPS. To do so, navigate to this link, select your browser from the list and perform the necessary actions described. This guide suggests that you use the Mozilla Firefox browser.

Now you should have all of the chapter goals completed, having run and configured your FAST proxy node. In the next chapter you will learn what is required to generate a set of security tests based on a few baseline requests.
