api-firewall
by wallarm
A fast, lightweight API proxy firewall that validates API requests and responses against OpenAPI and GraphQL schemas to secure REST and GraphQL endpoints.
Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
Primary Use Case
API Firewall is used to protect REST and GraphQL APIs by enforcing a positive security model that blocks malicious or malformed requests and responses. It is ideal for developers and security teams in cloud-native environments who want to prevent API data breaches, discover shadow APIs, and automate API security validation.
- Secure REST and GraphQL API endpoints by blocking malicious requests
- Stop API data breaches by blocking malformed API responses
- Discover shadow API endpoints
- Validate JWT access tokens for OAuth 2.0 authentication
- Denylist compromised API tokens, keys, and cookies
- Use an IP allowlist (AllowIPList) to restrict access to allowed IP addresses
- Supports ModSecurity Rules and OWASP ModSecurity Core Rule Set
- Operates in proxy, API validation, and GraphQL modes
Installation
- Pull the API Firewall Docker image from DockerHub
- Provide the OpenAPI 3.0 or GraphQL schema of your API
- Run API Firewall as a reverse proxy in PROXY mode for request and response validation
- Alternatively, run in API mode to validate individual requests without proxying
- Use graphql mode to validate HTTP and WebSocket GraphQL requests
Usage
$ docker run -p 8080:8080 -v /path/to/openapi.yaml:/api-spec.yaml wallarm/api-firewall
Run API Firewall in PROXY mode validating requests and responses against the provided OpenAPI specification.
$ docker run -e MODE=API -v /path/to/openapi.yaml:/api-spec.yaml wallarm/api-firewall
Run API Firewall in API mode to validate individual requests against the OpenAPI specification without proxying.
$ docker run -e MODE=graphql -v /path/to/graphql-schema.graphql:/schema.graphql wallarm/api-firewall
Run API Firewall in GraphQL mode to validate HTTP and WebSocket GraphQL requests against the provided schema.
- Integrate API Firewall into CI/CD pipelines for automated API security validation before deployment.
- Leverage shadow API discovery to identify and remediate undocumented or forgotten API endpoints.
- Combine with runtime application self-protection (RASP) tools for layered API defense.
- Use JWT validation and denylisting features to enforce strict authentication and reduce token misuse.
- Customize ModSecurity rulesets to tailor protection against emerging API-specific threats.
Related Tools
API-Security-Checklist
shieldfy/API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
express-gateway
ExpressGateway/express-gateway
A microservices API Gateway built on top of Express.js
API-Security
OWASP/API-Security
OWASP API Security Project
akto
akto-api-security/akto
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
fizz-gateway-node
fizzgate/fizz-gateway-node
An Aggregation API Gateway: API integration, API data masking, API security, API traceability

apisix-docker
apache/apisix-docker
the docker for Apache APISIX
