This chapter will guide you through the process of installation and initial configuration of the FAST node. Upon completion of all necessary steps, you will have an operating FAST node. It will be listening on
localhost:8080, ready to proxy HTTP and HTTPS requests to the Google Gruyere application. The node will be installed on your machine along with the Mozilla Firefox browser.
It is suggested in the guide that you use the Mozilla Firefox browser. However, it is possible to use any browser of your choice, provided that you successfully configured it to send all the HTTP and HTTPS traffic to the FAST node.
To install and configure the FAST node, do the following:
- Install the Docker software
- Obtain a token that will be used to connect your FAST node to the Wallarm cloud
- Prepare a file containing the necessary environment variables
- Deploy the FAST node Docker container
- Configure the browser to work with the proxy
- Install SSL certificates
Set up the Docker software on your machine. See the official Docker installation guide for more information.
It is suggested that you use the Docker Community Edition (CE). However, any Docker edition can be used.
Log in to the My Wallarm portal using your Wallarm account.
If you do not have one, then create an account.
Select the “Nodes” tab, then click the Create FAST node button (or the Add FAST node link).
A dialog window will appear. Give a meaningful name to the node and select the Create button. The guide suggests that you use the name
Move your mouse cursor over the Token field of created node and copy the value.
It is required that you set up several environment variables in order to get FAST node working.
In order to do that, create a text file and add the following text to it:
WALLARM_API_TOKEN=<the token value you obtained in step 2> ALLOWED_HOSTS=google-gruyere.appspot.com
You have set the environment variables. Their purpose could be described as follows:
WALLARM_API_TOKEN— sets the token value that is used to connect the node to the Wallarm cloud;
ALLOWED_HOSTS— limits the scope of requests to generate a security test from. Security tests will be generated only from the requests to the domain
google-gruyere.appspot.comwhere the target application resides.
Setting the fully qualified domain name is not necessary. You could use a substring (e. g.
A FAST node interacts with one of the available Wallarm clouds. By default, a FAST node works with the Wallarm API server that is located in the American cloud.
To instruct a FAST node to use the API server from other cloud, pass the
WALLARM_API_HOST environment variable pointing to the address of the necessary Wallarm API server to the node container.
Example (a FAST node will use the API server that is located in the European Wallarm cloud):
To do this, execute the following command:
docker run --name <name> --env-file=<environment variables file created on the previous step> -p <target port>:8080 wallarm/fast
You should provide several arguments to the command:
Specifies the name of the Docker container.
It should be unique among all existing containers' names.
<environment variables file created in the previous step>
Specifies a file containing all the environment variables to export into the container.
You should specify a path to the file you created in the previous step.
Specifies a port of the Docker host to which the container’s 8080 port should be mapped. None of the container ports are available to the Docker host by default.
To grant access to a certain container’s port from the Docker host, you should publish the container’s internal port to the external port by employing the
You also could publish the container’s port to a non-loopback IP address on the host by providing the
-p <host IP>:<target port>:8080argument to make it accessible from outside the Docker host as well.
The execution of the following command will run a container named
fast-node employing the environment variables file
/home/user/fast.cfg and publish its port to
docker run --name fast-node --env-file=/home/user/fast.cfg -p 8080:8080 wallarm/fast
If the container deployment is successful, you will be presented with a console output like this:
__ __ _ _ \ \ / /_ _| | |__ _ _ _ _ __ \ \/\/ / _` | | / _` | '_| ' \ \_/\_/\__,_|_|_\__,_|_| |_|_|_| ___ _ ___ _____ | __/_\ / __|_ _| | _/ _ \\__ \ | | |_/_/ \_\___/ |_| [info] Node connected to Wallarm Cloud [info] Loaded 0 custom extensions for fast scanner [info] Loaded 51 default extensions for fast scanner [info] Waiting for TestRun to check...
Now you should have the ready-to-work FAST node connected to the Wallarm cloud. The node is listening to the incoming HTTP and HTTPS requests on
localhost:8080, recognizing the requests to the
google-gruyere.appspot.com domain as baseline ones.
Configure the browser to proxy all HTTP and HTTPS requests through the FAST node.
To set up proxying in the Mozilla Firefox browser, do the following:
Open the browser. Select “Preferences” in the menu. Select “General” tab and scroll down to the “Network Settings.” Select the Settings button.
The “Connection Settings” window should open up. Select the Manual proxy configuration option. Configure the proxy by entering the following values:
localhostas HTTP proxy address and
8080as HTTP proxy port.
localhostas SSL proxy address and
8080as SSL proxy port.
Select the ОК button to apply the changes you have made.
While working with the Google Gruyere application via HTTPS you might encounter the following browser message regarding the interruption of a safely connection:
You should add a self-signed FAST node SSL certificate to be able to interact with the web application via HTTPS. To do so, navigate to this link, select your browser from the list and perform the necessary actions described. This guide suggests that you use the Mozilla Firefox browser.
Now you should have all of the chapter goals completed, having run and configured your FAST node. In the next chapter you will learn what is required to generate a set of security tests based on a few baseline requests.