REST API daemon for dynamic control of apache-waf module. Port of nginx-waf-api for Apache.
apache-waf-api is a standalone Go daemon that provides a REST API for dynamically managing apache-waf IP lists without manual file editing or Apache configuration changes.
- REST API for IP list management (CRUD operations)
- API key authentication
- Automatic Apache graceful reload after changes
- Audit logging of all modifications
- Prometheus metrics endpoint
- Atomic file operations (no partial writes)
API Client ──> apache-waf-api ──> IP List Files ──> apache-waf
(UI/CLI) (Go daemon) (/etc/apache2/...) (Rust module)
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/lists |
List all IP lists |
| GET | /api/v1/lists/{name} |
Get list details |
| POST | /api/v1/lists/{name}/entries |
Add IP to list |
| DELETE | /api/v1/lists/{name}/entries/{ip} |
Remove IP from list |
| POST | /api/v1/reload |
Trigger Apache graceful reload |
| GET | /health |
Health check |
| GET | /metrics |
Prometheus metrics |
make build
cp conf/config.example.yaml /etc/apache-waf-api/config.yaml
./apache-waf-api -config /etc/apache-waf-api/config.yaml- apache-waf - Core Apache module (required)
- apache-waf-feeds - Threat feed updater
- apache-waf-ui - Web management interface
- nginx-waf-api - Original nginx version
Apache License 2.0 - see LICENSE.md for details.