This chapter will guide you through the process of installation and initial configuration of the FAST proxy. Upon completion of all necessary steps, you will have an operating FAST proxy node. It will be listening on
localhost:8080, ready to proxy HTTP and HTTPS requests to the Google Gruyere application. The proxy will be installed on your machine along with the Mozilla Firefox browser.
It is suggested in the guide that you use the Mozilla Firefox browser. However, it is possible to use any browser of your choice, provided that you successfully configured it to send all the HTTP and HTTPS traffic to the FAST proxy node.
To install and configure the FAST proxy, do the following:
- Install the Docker software
- Obtain a token that will be used to connect your FAST proxy node to the Wallarm cloud
- Prepare a file containing the necessary environment variables
- Deploy the FAST proxy Docker container
- Configure the browser to work with the proxy
- Install SSL certificates
Set up the Docker software on your machine. See the official Docker installation guide for more information.
It is suggested that you use the Docker Community Edition (CE). However, any Docker edition can be used.
Get a FAST 30-day trial license. To do this, navigate to this link and create an account. The license will be automatically tied to the account.
Log in to the My Wallarm portal using the account you created in the previous step.
Select the “Nodes” tab, then select the Create new node button.
A dialog window will appear. Give a meaningful name to the proxy node and select the Create button. The guide suggests that you use the name
Copy the provided token and select the OK button:
Your token will differ from the token demonstrated in the picture.
It is possible to retrieve the token via a Wallarm API call as well. However, that is beyond the scope of this document.
It is required that you set up several environment variables in order to get FAST proxy working.
In order to do that, create a text file and add the following text to it:
WALLARM_API_TOKEN=<the token value you obtained in step 2> ALLOWED_HOSTS=google-gruyere.appspot.com
You have set the environment variables. Their purpose could be described as follows:
WALLARM_API_TOKEN— sets the token value that is used to connect the proxy node to the Wallarm cloud;
ALLOWED_HOSTS— limits the scope of requests to generate a security test from. Security tests will be generated only from the requests to the domain
google-gruyere.appspot.comwhere the target application resides.
Setting the fully qualified domain name is not necessary. You could use a substring (e. g.
To do this, execute the following command:
docker run --name <name> --env-file=<environment variables file created on the previous step> -p <target port>:8080 wallarm/fast
You should provide several arguments to the command:
Specifies the name of the Docker container.
It should be unique among all existing containers' names.
<environment variables file created in the previous step>
Specifies a file containing all the environment variables to export into the container.
You should specify a path to the file you created in the previous step.
Specifies a port of the Docker host to which the container’s 8080 port should be mapped. None of the container ports are available to the Docker host by default.
To grant access to a certain container’s port from the Docker host, you should publish the container’s internal port to the external port by employing the
You also could publish the container’s port to a non-loopback IP address on the host by providing the
-p <host IP>:<target port>:8080argument to make it accessible from outside the Docker host as well.
The execution of the following command will run a container named
fast-proxy employing the environment variables file
/home/user/fast.cfg and publish its port to
docker run --name fast-proxy --env-file=/home/user/fast.cfg -p 8080:8080 wallarm/fast
If the container deployment is successful, you will be presented with a console output like this:
Now you should have the ready-to-work FAST proxy node connected to the Wallarm cloud. The proxy is listening to the incoming HTTP and HTTPS requests on
localhost:8080, recognizing the requests to the
google-gruyere.appspot.com domain as baseline ones.
Configure the browser to send all HTTP and HTTPS requests through the FAST proxy node.
To set up proxying in the Mozilla Firefox browser, do the following:
Open the browser. Select “Options” in the menu. Select “General” tab and scroll down to the “Network Proxy.” Select the Settings button.
The “Connection Settings” window should open up. Select the Manual proxy configuration option. Configure the proxy by entering the following values:
localhostas HTTP proxy address and
8080as HTTP proxy port.
localhostas SSL proxy address and
8080as SSL proxy port.
Select the ОК button to apply the changes you have made.
While working with the Google Gruyere application via HTTPS you might encounter the following browser message regarding untrusted certificate:
You should add a self-signed FAST proxy SSL certificate to be able to interact with the web application via HTTPS. To do so, navigate to this link, select your browser from the list and perform the necessary actions described. This guide suggests that you use the Mozilla Firefox browser.
Now you should have all of the chapter goals completed, having run and configured your FAST proxy node. In the next chapter you will learn what is required to generate a set of security tests based on a few baseline requests.