Add API-Firewall docs

Nikolay Tkachenko 4 years ago
Parent
Current commit
90e9ac0f76
6 files changed, 108 insertions and 0 deletions
  1. 1 0
      api-firewall/README-short.txt
  2. 82 0
      api-firewall/content.md
  3. 1 0
      api-firewall/github-repo
  4. 1 0
      api-firewall/license.md
  5. 22 0
      api-firewall/logo.svg
  6. 1 0
      api-firewall/maintainer.md

+ 1 - 0
api-firewall/README-short.txt

@@ -0,0 +1 @@
+A light-weighted API Firewall to protect your API endpoints with API Schema validation.
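
Review bot: "light-weighted" in the added line is not standard usage; "lightweight" is the usual form, and "API Schema" is capitalised here but written "API schema" in `content.md`. Suggest "A lightweight API Firewall to protect your API endpoints with API schema validation." so the short description matches the long one.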

+ 82 - 0
api-firewall/content.md

@@ -0,0 +1,82 @@
+%%LOGO%%
+
+# What is API Firewall?
+
+Light-weighted Wallarm API Firewall protects your API endpoints in cloud-native environments with API schema validation. Wallarm API Firewall relies on a positive security model allowing calls that match a predefined API specification, while rejecting everything else.
+
+## API schema validation and positive security model
+
+When starting API Firewall, you should provide the [OpenAPI 3.0 specification](https://swagger.io/specification/) of the application to be protected with API Firewall. The started API Firewall will operate as a reverse proxy and validate whether requests and responses match the schema defined in the specification.
+
+The traffic that does not match the schema will be logged using the [`STDOUT` and `STDERR` Docker services](https://docs.docker.com/config/containers/logging/) or blocked (depending on the configured API Firewall operation mode). If operating in the logging mode and detecting the traffic on endpoints that are not included in the specification, API Firewall also logs these endpoints as the shadow ones (except for endpoints returning the code `404`).
+
+Provided API schema should be described using the [OpenAPI 3.0 specification](https://swagger.io/specification/) in the YAML or JSON file (`.yaml`, `.yml`, `.json` file extensions).
+
+By allowing you to set the traffic requirements with the OpenAPI 3.0 specification, Wallarm API Firewall relies on a positive security model.
+
+## Technical characteristics
+
+API Firewall works as a reverse proxy with a built-in OpenAPI 3.0 request and response validator. The validator is written in Go and optimized for extreme performance and near-zero added latency.
+
+# How to use this image
+
+## Quick start with Docker
+
+This quick start guide walks through downloading and starting Wallarm API Firewall with minimal configuration on Docker.
+
+### Requirements
+
+-	[Installed and configured Docker](https://docs.docker.com/get-docker/)
+-	[OpenAPI 3.0 specification](https://swagger.io/specification/) developed for the REST API of the application that should be protected with Wallarm API Firewall
+
+### Up and running
+
+To run Wallarm API Firewall with minimal configuration on Docker:
+
+1.	Create the Docker network to connect your application and Wallarm API Firewall (e.g. `api-firewall-network`):
+
+	```bash
+	docker network create api-firewall-network
+	```
+
+2.	Start the containerized application to be protected with API Firewall (e.g. [kennethreitz/httpbin](https://hub.docker.com/r/kennethreitz/httpbin/)):
+
+	```bash
+	docker run --rm -it --network api-firewall-network \
+	    --network-alias backend -p 8090:8090 kennethreitz/httpbin
+	```
+
+3.	Start the API Firewall image:
+
+	```bash
+	docker run --rm -it --network api-firewall-network --network-alias api-firewall \
+	    -v <HOST_PATH_TO_SPEC>:<CONTAINER_PATH_TO_SPEC> -e APIFW_API_SPECS=<PATH_TO_MOUNTED_SPEC> \
+	    -e APIFW_URL=<API_FIREWALL_URL> -e APIFW_SERVER_URL=<PROTECTED_APP_URL> \
+	    -e APIFW_REQUEST_VALIDATION=<REQUEST_VALIDATION_MODE> -e APIFW_RESPONSE_VALIDATION=<RESPONSE_VALIDATION_MODE> \
+	    -p 8088:8088 %%IMAGE%%:v0.6.5
+	```
+
+	| Variables                   | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
+	|-----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+	| **For the `-v` option**     |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
+	| `<HOST_PATH_TO_SPEC>`       | The path to the OpenAPI 3.0 specification for your application REST API located on the host machine. The accepted file formats are YAML and JSON (`.yaml`, `.yml`, `.json` file extensions). For example: `/opt/my-api/openapi3/swagger.json`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
+	| `<CONTAINER_PATH_TO_SPEC>`  | The path to the container directory to mount the OpenAPI 3.0 specification to. For example: `/api-firewall/resources/swagger.json`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
+	| **For the `-e` option**     |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
+	| `APIFW_API_SPECS`           | Path to the OpenAPI 3.0 specification mounted to the container. For example: `/api-firewall/resources/swagger.json`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
+	| `APIFW_URL`                 | URL for API Firewall. For example: `http://0.0.0.0:8088/`. The port value should correspond to the container port published to the host.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
+	| `APIFW_SERVER_URL`          | URL of the application described in the mounted OpenAPI specification that should be protected with API Firewall. For example: `http://backend:80`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
+	| `APIFW_REQUEST_VALIDATION`  | API Firewall mode when validating requests sent to the application URL:<ul><li>`BLOCK` to block and log the requests that do not match the schema provided in the mounted OpenAPI 3.0 specification (the `403 Forbidden` response will be returned to the blocked requests). Logs are sent to the [`STDOUT` and `STDERR` Docker services](https://docs.docker.com/config/containers/logging/).</li><li>`LOG_ONLY` to log but not block the requests that do not match the schema provided in the mounted OpenAPI 3.0 specification. Logs are sent to the [`STDOUT` and `STDERR` Docker services](https://docs.docker.com/config/containers/logging/).</li><li>`DISABLE` to disable request validation.</li></ul>                                                                                                                             |
+	| `APIFW_RESPONSE_VALIDATION` | API Firewall mode when validating application responses to incoming requests:<ul><li>`BLOCK` to block and log the request if the application response to this request does not match the schema provided in the mounted OpenAPI 3.0 specification. This request will be proxied to the application URL but the client will receive the `403 Forbidden` response. Logs are sent to the [`STDOUT` and `STDERR` Docker services](https://docs.docker.com/config/containers/logging/).</li><li>`LOG_ONLY` to log but not block the request if the application response to this request does not match the schema provided in the mounted OpenAPI 3.0 specification. Logs are sent to the [`STDOUT` and `STDERR` Docker services](https://docs.docker.com/config/containers/logging/).</li><li>`DISABLE` to disable request validation.</li></ul> |
+
+4.	Test API Firewall operation by sending the request that does not match the mounted Open API 3.0 specification to the API Firewall Docker container address. For example, you can pass the string value in the parameter that requires the integer value.
+
+	If the request does not match the provided API schema, the appropriate ERROR message will be added to the API Firewall Docker container logs.
+
+You have successfully started Wallarm API Firewall with minimal configuration. To learn advanced configuration options, please use the [separate instructions on running Wallarm API Firewall with Docker](https://docs.wallarm.com/api-firewall/installation-guides/docker-container/).
+
+## Demos
+
+You can try API Firewall by running the demo environment that deploys an example application protected with Wallarm API Firewall. There are two available demo environments:
+
+-	[Wallarm API Firewall demo with Docker Compose](https://github.com/wallarm/api-firewall/tree/main/demo/docker-compose)
+-	[Wallarm API Firewall demo with Kubernetes](https://github.com/wallarm/api-firewall/tree/main/demo/kubernetes)
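
Review bot: In step 2, `-p 8090:8090` publishes the backend straight to the host, and the port does not match the `http://backend:80` example given for `APIFW_SERVER_URL` in the step 3 table. API Firewall reaches the application over `api-firewall-network` through the `backend` alias, so the `-p` option is not needed, and a published backend port gives clients a path that skips schema validation; suggest dropping it so that only `8088` is exposed. Separately, in the `APIFW_RESPONSE_VALIDATION` row the `DISABLE` item says "to disable request validation", which looks copied from the row above and should read "response validation". The `<CONTAINER_PATH_TO_SPEC>` description also says "container directory" while its example, `/api-firewall/resources/swagger.json`, is a file path; one of the two should change.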

+ 1 - 0
api-firewall/github-repo

@@ -0,0 +1 @@
+https://github.com/wallarm/api-firewall

+ 1 - 0
api-firewall/license.md

@@ -0,0 +1 @@
+View [license information](https://www.mozilla.org/en-US/MPL/2.0/) for the software contained in this image.

+ 22 - 0
api-firewall/logo.svg

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 19.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="layer" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 652 652" style="enable-background:new 0 0 652 652;" xml:space="preserve">
+<style type="text/css">
+	.st0{fill:#FF5D18;}
+</style>
+<path class="st0" d="M572.5,257.4v-57L458.2,251v-72.9l-115.6,51.3v115.4l114.3-50.7v33.4l114.2-50.6v20.3l54.9-24.4v-39.1
+	L572.5,257.4"/>
+<path d="M124,444.8l18.6-62.1h20.9L133.7,474H115l-20.4-62l-20.5,62H55.5L26,382.6h21.4l18.3,62.1l20.2-62.5h17.8L124,444.8
+	 M263.5,474h20.8V344.8h-20.8V474z M296.8,474h20.8V344.8h-20.8L296.8,474z M447.3,474H426V384h21.3v20.3
+	c5.8-13.5,16.5-22.7,32.9-22v21.8h-1.2c-18.6,0-31.7,11.8-31.7,35.6V474z M594.3,382.3c19.7,0,31.7,12.4,31.7,34.4V474h-20.7v-51
+	c0-14.3-6.7-21.9-18.3-21.9c-11.3,0-19.3,7.8-19.3,22.3V474h-20.7v-51.2c0-14-6.8-21.8-18.3-21.8c-11.5,0-19.4,8.5-19.4,22.4V474
+	h-20.7v-89.8h20.7v13.6c5.8-8,13.7-15.5,27.6-15.5c13,0,22.1,6.3,26.9,15.8C571,388.6,580.6,382.3,594.3,382.3 M393.1,440.1
+	c0,11.1-10.4,18.6-24.4,18.6c-9.9,0-17.7-4.7-17.7-13.1v-0.3c0-9,7.8-14.2,21-14.2c8.2,0,15.7,1.5,21.1,3.5L393.1,440.1z
+	 M373.1,382.3c-11.3,0-19.7,1.7-27.4,4.4v18.5c7.7-2.9,15-4.8,24.5-4.8c14.6,0,22.6,6.7,22.6,18.9v2.2c-7.1-2.2-14.3-3.7-25.4-3.7
+	c-21.4,0-37.2,9.4-37.2,28.5v0.3c0,17.8,15.3,27.3,32.7,27.3c13.9,0,23.5-5.5,29.8-12.7v10.9h20.9v-52.5
+	C413.5,396,400.3,382.3,373.1,382.3L373.1,382.3z M226.5,440.1c0,11.1-10.4,18.6-24.4,18.6c-9.9,0-17.7-4.7-17.7-13.1v-0.3
+	c0-9,7.8-14.2,21.1-14.2c8.2,0,15.7,1.5,21.1,3.5V440.1z M206.5,382.3c-11.9,0-20.6,1.9-28.7,4.9v18.5c8.2-3.2,15.7-5.3,25.8-5.3
+	c14.6,0,22.6,6.7,22.6,18.9v2.2c-7.1-2.2-14.3-3.7-25.4-3.7c-21.4,0-37.2,9.4-37.2,28.5v0.3c0,17.8,15.3,27.3,32.7,27.3
+	c13.9,0,23.5-5.5,29.8-12.7v10.9h20.9v-52.5C246.8,396,233.6,382.3,206.5,382.3L206.5,382.3z"/>
+</svg>

+ 1 - 0
api-firewall/maintainer.md

@@ -0,0 +1 @@
+The Wallarm Team