System Settings

To fine-tune the API Firewall system settings, use the following optional environment variables or YAML parameters:

| Environment variable | YAML parameter | Description |
| --- | --- | --- |
| APIFW_READ_TIMEOUT | Server → ReadTimeout | The timeout for API Firewall to read the full request (including the body) sent to the application URL. The default value is 5s. |
| APIFW_WRITE_TIMEOUT | Server → WriteTimeout | The timeout for API Firewall to return the response to the request sent to the application URL. The default value is 5s. |
| APIFW_SERVER_MAX_CONNS_PER_HOST (for PROXY and graphql modes) | MaxConnsPerHost | The maximum number of connections that API Firewall can handle simultaneously. The default value is 512. |
| APIFW_SERVER_READ_TIMEOUT (for PROXY and graphql modes) | Backend → ProtectedAPI → ReadTimeout | The timeout for API Firewall to read the full response (including the body) returned to the request by the application. The default value is 5s. |
| APIFW_SERVER_WRITE_TIMEOUT (for PROXY and graphql modes) | Backend → ProtectedAPI → WriteTimeout | The timeout for API Firewall to write the full request (including the body) to the application. The default value is 5s. |
| APIFW_SERVER_DIAL_TIMEOUT (for PROXY and graphql modes) | DialTimeout | The timeout for API Firewall to connect to the application. The default value is 200ms. |
| APIFW_SERVER_CLIENT_POOL_CAPACITY (for PROXY and graphql modes) | ClientPoolCapacity | Maximum number of the fasthttp clients. The default value is 1000. |
| APIFW_HEALTH_HOST | HealthAPIHost | The host of the health check service. The default value is 0.0.0.0:9667. The liveness probe service path is /v1/liveness and the readiness service path is /v1/readiness. |
| APIFW_READ_BUFFER_SIZE (for APIFW server) | ReadBufferSize | Per-connection buffer size for request reading. This also limits the maximum header size. Increase this buffer if your clients send multi-KB RequestURIs and/or multi-KB headers (for example, BIG cookies). The default value is 8192. |
| APIFW_WRITE_BUFFER_SIZE (for APIFW server) | WriteBufferSize | Per-connection buffer size for response writing. The default value is 8192. |
| APIFW_MAX_REQUEST_BODY_SIZE (for APIFW server) | MaxRequestBodySize | Maximum request body size. The server rejects requests with bodies exceeding this limit. The default value is 4194304. |
| APIFW_DISABLE_KEEPALIVE (for APIFW server) | DisableKeepalive | Disables the keep-alive connections. The server will close all the incoming connections after sending the first response to the client if this option is set to true. The default value is false. |
| APIFW_MAX_CONNS_PER_IP (for APIFW server) | MaxConnsPerIP | Maximum number of concurrent client connections allowed per IP. The default value is 0 (means "unlimited"). |
| APIFW_MAX_REQUESTS_PER_CONN (for APIFW server) | MaxRequestsPerConn | Maximum number of requests served per connection. The server closes the connection after the last request. The Connection: close header is added to the last response. The default value is 0 (means "unlimited"). |
| APIFW_SERVER_READ_BUFFER_SIZE (for HTTP client sending requests) | ReadBufferSize | Per-connection buffer size for request reading. This also limits the maximum header size. The default value is 8192. |
| APIFW_SERVER_WRITE_BUFFER_SIZE (for HTTP client sending requests) | WriteBufferSize | Per-connection buffer size for response writing. The default value is 8192. |
| APIFW_SERVER_MAX_RESPONSE_BODY_SIZE (for HTTP client sending requests) | MaxResponseBodySize | Maximum response body size. The default value is 0 (means "unlimited"). |
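
As an added example (not part of the API Firewall project or its documentation), the Go program below audits a set of these environment variables before deployment: it applies the defaults from the table, then flags limits left at 0 (unlimited), timeouts that are not positive durations, and a health service bound to 0.0.0.0. The `Audit` and `get` helpers are hypothetical, and parsing timeouts with Go's `time.ParseDuration` is an assumption based on the `5s` and `200ms` values shown above.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Defaults as documented in the table above.
var defaults = map[string]string{
	"APIFW_READ_TIMEOUT": "5s", "APIFW_SERVER_DIAL_TIMEOUT": "200ms",
	"APIFW_HEALTH_HOST": "0.0.0.0:9667", "APIFW_MAX_CONNS_PER_IP": "0",
	"APIFW_MAX_REQUESTS_PER_CONN": "0", "APIFW_SERVER_MAX_RESPONSE_BODY_SIZE": "0",
}

// get returns the configured value, or the documented default when unset.
func get(env map[string]string, key string) string {
	if v := env[key]; v != "" {
		return v
	}
	return defaults[key]
}

// Audit is a hypothetical pre-deployment check, not an API Firewall function.
func Audit(env map[string]string) (findings []string) {
	for _, k := range []string{"APIFW_MAX_CONNS_PER_IP", "APIFW_MAX_REQUESTS_PER_CONN", "APIFW_SERVER_MAX_RESPONSE_BODY_SIZE"} {
		if n, err := strconv.Atoi(get(env, k)); err != nil || n < 0 {
			findings = append(findings, k+": not a non-negative integer")
		} else if n == 0 {
			findings = append(findings, k+": 0 means unlimited")
		}
	}
	// Assumption: timeouts use Go duration syntax, as "5s" and "200ms" suggest.
	for _, k := range []string{"APIFW_READ_TIMEOUT", "APIFW_SERVER_DIAL_TIMEOUT"} {
		if d, err := time.ParseDuration(get(env, k)); err != nil || d <= 0 {
			findings = append(findings, k+": not a positive duration")
		}
	}
	if strings.HasPrefix(get(env, "APIFW_HEALTH_HOST"), "0.0.0.0:") {
		findings = append(findings, "APIFW_HEALTH_HOST: health service listens on all interfaces")
	}
	return findings
}

func main() {
	// Constructed sample: two variables set, the rest fall back to defaults.
	env := map[string]string{"APIFW_MAX_CONNS_PER_IP": "100", "APIFW_READ_TIMEOUT": "5"}
	fmt.Println(strings.Join(Audit(env), "\n"))
}
```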

Example of apifw.yaml
mode: "PROXY"
RequestValidation: "BLOCK"
ResponseValidation: "BLOCK"
CustomBlockStatusCode: 403
AddValidationStatusHeader: false
APISpecs: "openapi.yaml"
APISpecsCustomHeader:
  Name: ""
  Value: ""
PassOptionsRequests: true
SpecificationUpdatePeriod: "0"
Server:
  APIHost: "http://0.0.0.0:8282"
  HealthAPIHost: "0.0.0.0:9999"
  ReadTimeout: "5s"
  WriteTimeout: "5s"
  ReadBufferSize: 8192
  WriteBufferSize: 8192
  MaxRequestBodySize: 4194304
  DisableKeepalive: false
  MaxConnsPerIP: 0
  MaxRequestsPerConn: 0
DNS:
  Nameserver:
    Host: ""
    Port: "53"
    Proto: "udp"
  Cache: false
  FetchTimeout: "1m"
  LookupTimeout: "1s"
Denylist:
  Tokens:
    CookieName: ""
    HeaderName: ""
    TrimBearerPrefix: true
    File: ""
AllowIP:
  File: ""
  HeaderName: ""
ShadowAPI:
  ExcludeList:
    - 404
    - 200
  UnknownParametersDetection: false
TLS:
  CertsPath: "certs"
  CertFile: "localhost.crt"
  CertKey: "localhost.key"
ModSecurity:
  ConfFiles: []
  RulesDir: ""
Endpoints: []
Backend:
  Oauth:
    ValidationType: "JWT"
    JWT:
      SignatureAlgorithm: "RS256"
      PubCertFile: ""
      SecretKey: ""
    Introspection:
      ClientAuthBearerToken: ""
      Endpoint: ""
      EndpointParams: ""
      TokenParamName: ""
      ContentType: ""
      EndpointMethod: "GET"
      RefreshInterval: "10m"
  ProtectedAPI:
    URL: "http://localhost:3000/v1/"
    RequestHostHeader: ""
    ClientPoolCapacity: 1000
    InsecureConnection: false
    RootCA: ""
    MaxConnsPerHost: 512
    ReadTimeout: "5s"
    WriteTimeout: "5s"
    DialTimeout: "200ms"
    ReadBufferSize: 8192
    WriteBufferSize: 8192
    MaxResponseBodySize: 0
    DeleteAcceptEncoding: false