Skip to main content
Version: 25.3.0

Security Features Deployment

Please refer to the separate documentation for the Proposed Directory Structure for assistance with the steps below.

The following flags need to be added to <absoulte path to the agent>/conf_*/waratek.properties file.

Deploy Security Features

Security Features can be included in the content of rules.armr file as follows:

com.waratek.rules.local=<path-to-agent-conf-folder>rules.armr

Security patches (and ARMR security rules) can be loaded from a dedicated directory as follows:

com.waratek.rules.dir=<path-to-agent-conf-folder>

Once configured, the Waratek Agent will load every patch/rule placed in the above directory.

  • Valid ARMR Security rules and Patch files must have a .armr file extension in the rules directory (files with other extension or no extension will be ignored)
  • A syntax error in an individual file will result in that particular file being ignored.
  • Other files in the directory will be loaded, provided they are free from syntax errors.
  • Subdirectories of the rules directory will be ignored.

On Java Agent v25.0.0 and later, it is possible to specify a path to a zip file using the com.waratek.rules.local option, where the zip file is a compressed directory containing 1 or more .armr files.

com.waratek.rules.local=<path-to-agent-conf-folder>rules.zip

On the Java Agent v25.0.0 and later, it is possible to specify a path to a directory containing multiple zip files using the com.waratek.rules.dir option, where each of the multiple zip files contains 1 or more .armr files. The directory specified by com.waratek.rules.dir may also contain .armr files as well as .zip files.

Auto-reloading

Ensure rules are auto-reloaded:

com.waratek.rules.autoreload=true

Agent Name

An agent name can be defined by using the following flag:

com.waratek.agent.name=helloWorld

An agent name given in the Portal takes priority over the name set in the waratek.properties file.

Backup Directory

The Waratek Agent creates a backup of ARMR rule files as it changes these backup files will be saved to the backups directory, which is created automatically. Each backup filename ends with a three-digit number (e.g. 001) and allows the user to view/restore old versions of the ARMR rule file. If this directory is not cleared by the user, it will contain a full history of all ARMR rule files ever applied to the agent.

Applications using Jakarta Servlet 5.0 specification

The Waratek Agent v25.1.0 introduces support for the com.waratek.servlet=<javax>/<jakarta> property, which informs the agent whether the protected application is using the javax.servlet or jakarta.servlet namespace. The two valid property values (if the property is set) are javax and jakarta. The default value is javax.

Applications using the jakarta.servlet namespace (e.g. applications running in Tomcat10+, JBoss EAP 8+) will require the following configuration property to be set in the waratek.properties file.

com.waratek.servlet=jakarta