Required. The hostname where your API endpoint is exposed and that your clients will call to invoke your API. This is the address that the API Firewall instance listens on.

API Firewall validates the hostname in the Host header on each incoming request and rejects any requests where the value does not match SERVER_NAME.

If API Firewall is terminating TLS connection, the certificates in LISTEN_SSL_CERT must match this hostname.

Required if LISTEN_NO_TLS is not specified. The name of the certificate file that the API Firewall instance uses for secure connections. The certificate file must be in PEM format, and the whole certificate chain (CA, Intermediate CA, the certificate) must all be stored in this file, sorted from leaf to root. The file must be present in the file system of the API Firewall container (/opt/guardian/conf/ssl/).

If API Firewall is terminating TLS connection, the certificates must match SERVER_NAME.

Use HTTP connections to API Firewall.

By default, the listener interface of API Firewall only accepts HTTPS connections, and you must specify the variables LISTEN_SSL_CERT and LISTEN_SSL_KEY. If you want to use HTTP connections instead, you can add the variable LISTEN_NO_TLS to your API Firewall configuration.

It is enough for this variable just to be present in your API Firewall configuration to change the behavior of API Firewall. The variable does not need a specific value, but deployment fails if you leave he value empty. If you have the variable LISTEN_NO_TLS in your API Firewall configuration, regardless of the value, API Firewall will use HTTP instead of HTTPS.

To switch back to HTTPS, you must completely remove the variable LISTEN_NO_TLS from the API Firewall configuration. Changing the value to false does nothing.

If HTTP connections are used, the TLS setup is disregarded and you do not need to specify LISTEN_SSL_CERT and LISTEN_SSL_KEY. If you have, you do not need to remove them, the variables are simply ignored.

For more details, see Switch API Firewall to use HTTP connections.

Defines if the API Firewall instance passes the Host header value unchanged to the backend.

• Off: API Firewall uses the host name (and port, if any) from TARGET_URL in the host header of the request to the backend.
• On: API Firewall includes the host header from the incoming request in the request to the backend as is.

The level of detail in the runtime logs of the protected API and its virtual host (vh-<API UUID>.error.log).

API Firewall supports the standard Apache log levels. We recommend using the values warn, info, or error, depending on the granularity you need. The values debug, trace1, trace5, and trace7 should not be used in production, but may be used when troubleshooting issues.

For more details on the log levels, see LogLevel Directive in Apache documentation.

The level of detail in the loading and initialization logs of the API Firewall instance (error.log).

API Firewall supports the standard Apache log levels. We recommend using the values warn, info, or error, depending on the granularity you need. The values debug, trace1, trace5, and trace7 should not be used in production, but may be used when troubleshooting issues.

For more details on the log levels, see LogLevel Directive in Apache documentation.