Skip to content

Firewall product documentation#3086

Draft
atharvadeosthale wants to merge 7 commits into
stardustfrom
stardust-firewall
Draft

Firewall product documentation#3086
atharvadeosthale wants to merge 7 commits into
stardustfrom
stardust-firewall

Conversation

@atharvadeosthale

Copy link
Copy Markdown
Member

What does this PR do?

Adds a new Firewall product section to the docs at /docs/products/firewall, covering the upcoming Appwrite Firewall feature.

New pages:

  • Overview: what Firewall is, edge enforcement, first-match rule evaluation, fail-open behavior
  • Quick start: create and verify a first rule from the Console
  • Rules: rule anatomy, resource scoping, priority ordering, failure behavior
  • Conditions: request attributes, operators, and logical nesting
  • Actions: deny, rate limit, challenge, redirect, and bypass, with configuration and response headers
  • Common rules: recipes for geo-blocking, IP allowlists, rate limiting, bot challenges, and redirects
  • Logs and Analytics: monitoring reference aligned with the Console

Also adds a Firewall entry to the main docs sidebar under Products.

Notes

  • Console steps are placeholders aligned with the upcoming Console UI; screenshots to be added once the UI is final.
  • No API routes or SDK examples are included, as rule management is Console-only.

Have you read the Contributing Guidelines on issues?

Yes

@appwrite

appwrite Bot commented Jul 7, 2026

Copy link
Copy Markdown

Appwrite Website

Project ID: 69d7efb00023389e8d27

Sites (1)
Site Status Logs Preview QR
 website
69d7f2670014e24571ca
Ready Ready View Logs Preview URL QR Code

Website (appwrite/website)

Project ID: 684969cb000a2f6c0a02

Sites (1)
Site Status Logs Preview QR
 website
68496a17000f03d62013
Queued Queued View Logs Preview URL QR Code


Tip

Sites auto-generate unique domains with the pattern https://randomstring.appwrite.network

@atharvadeosthale atharvadeosthale changed the base branch from main to stardust July 7, 2026 10:42
@atharvadeosthale atharvadeosthale changed the title (docs): add Firewall product documentation Firewall product documentation Jul 7, 2026
@atharvadeosthale

Copy link
Copy Markdown
Member Author

@greptile-apps review

@greptile-apps

greptile-apps Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR adds a complete Firewall product documentation section at /docs/products/firewall (overview, quick start, rules, conditions, actions, common rules, logs, and analytics) and a new Dokploy self-hosting guide, along with minor copy fixes to the Coolify guide and sidebar/layout wiring for both new sections.

  • The Firewall docs are well-structured and internally consistent, covering edge enforcement, first-match evaluation, fail-open behavior, and all five actions with a useful bypass/deny allowlist pattern.
  • The Dokploy guide is thorough, including wildcard certificate caveats, Cloudflare gotchas, and a one-Appwrite-per-server troubleshooting note.
  • Two minor content inconsistencies were found: the operator table in conditions uses inconsistent plurality for notEqual, startsWith, and endsWith vs. equal; and the quick start's resource-type picker omits APIs, which the rules anatomy table includes as a valid resource type.

Confidence Score: 4/5

Safe to merge; all changes are documentation and sidebar wiring with no runtime logic.

The two findings are wording inconsistencies in the operator table and quick-start resource-type picker — neither affects site functionality, but the operator plurality issue could lead users to incorrectly assume or miss multi-value support for notEqual/startsWith/endsWith before the Firewall feature ships.

conditions/+page.markdoc (operator plurality) and quick-start/+page.markdoc (resource type omission) warrant a quick pass before the Firewall feature goes live.

Important Files Changed

Filename Overview
src/routes/docs/products/firewall/conditions/+page.markdoc Operator table has inconsistent plurality between equal ("any of the values") and notEqual/startsWith/endsWith and their negations ("the value"), which may mislead users about multi-value support.
src/routes/docs/products/firewall/quick-start/+page.markdoc Step 2 says to choose "one of your sites or functions," omitting APIs as a resource type despite the rules anatomy page listing APIs as valid; minor inconsistency that could confuse users wanting to protect API traffic.
src/routes/docs/products/firewall/rules/+page.markdoc Rule anatomy, scoping, priority ordering, and failure behavior are all clearly documented with a good bypass/deny allowlist example.
src/routes/docs/products/firewall/actions/+page.markdoc All five actions documented with a summary table, per-action explanations, configuration tables, and response-header reference; no issues.
src/routes/docs/products/firewall/common-rules/+page.markdoc Five ready-to-use rule recipes with JSON condition snippets; examples are clear and logically consistent with the actions and conditions documentation.
src/routes/docs/advanced/self-hosting/platforms/dokploy/+page.markdoc New Dokploy self-hosting guide covering installation, domain/HTTPS setup (including wildcard certificate caveats), configuration, and troubleshooting; thorough and accurate.
src/routes/docs/Sidebar.svelte Adds Firewall entry to the Products sidebar using icon-shield-check; correct structure matching existing entries.
src/routes/docs/products/firewall/+layout.svelte New sidebar layout for the Firewall section; follows the same pattern as other product layouts with correct navigation tree structure.
src/routes/docs/products/firewall/+page.markdoc Overview page covering firewall concepts, key concepts table, common use cases, and a getting-started link; content is clear and internally consistent.
.optimize-cache.json Adds cache entries for the two new Dokploy images; extension differences between cache entries (.png) and committed files (.avif) are intentional per project convention.
src/routes/docs/advanced/self-hosting/platforms/coolify/+page.markdoc Corrects _APP_SMTP_SECURE value from true to tls and updates the GitHub integration description to be more accurate.

Fix All in Claude Code Fix All in Codex

Prompt To Fix All With AI
Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 2
src/routes/docs/products/firewall/conditions/+page.markdoc:38-45
The `notEqual` operator description says "the value" (singular) while the analogous `equal` description says "any of the values." The same inconsistency appears in `startsWith`, `notStartsWith`, `endsWith`, and `notEndsWith`. Since the conditions structure always uses a `values` array, users who try to pass multiple values to `notEqual` or `startsWith` will be unsure whether that is supported. If these operators do accept multiple values, the descriptions should match `equal`'s phrasing; if they are intentionally single-value only, that constraint should be stated explicitly.

```suggestion
| `equal` | The attribute equals any of the values. |
| `notEqual` | The attribute does not equal any of the values. |
| `contains` | The attribute contains any of the values as a substring. |
| `notContains` | The attribute does not contain any of the values. |
| `startsWith` | The attribute starts with any of the values. |
| `notStartsWith` | The attribute does not start with any of the values. |
| `endsWith` | The attribute ends with any of the values. |
| `notEndsWith` | The attribute does not end with any of the values. |
```

### Issue 2 of 2
src/routes/docs/products/firewall/quick-start/+page.markdoc:16
The quick start tells users to "Choose one of your sites or functions," but the `rules/+page.markdoc` anatomy table lists `resourceType` as covering "your project's APIs, functions, or sites." A user who wants to protect their Appwrite API endpoints will not know they can scope a rule to that resource type. If APIs are a valid resource type in the Console at launch, the quick start should mention it; if not yet supported, a brief note would set expectations correctly.

```suggestion
2. Select the resource the rule applies to. Choose one of your sites, functions, or APIs.
```

Reviews (1): Last reviewed commit: "(fix): remove unquoted colon from action..." | Re-trigger Greptile

Comment on lines +38 to +45
| `equal` | The attribute equals any of the values. |
| `notEqual` | The attribute does not equal the value. |
| `contains` | The attribute contains any of the values as a substring. |
| `notContains` | The attribute does not contain any of the values. |
| `startsWith` | The attribute starts with the value. |
| `notStartsWith` | The attribute does not start with the value. |
| `endsWith` | The attribute ends with the value. |
| `notEndsWith` | The attribute does not end with the value. |

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 The notEqual operator description says "the value" (singular) while the analogous equal description says "any of the values." The same inconsistency appears in startsWith, notStartsWith, endsWith, and notEndsWith. Since the conditions structure always uses a values array, users who try to pass multiple values to notEqual or startsWith will be unsure whether that is supported. If these operators do accept multiple values, the descriptions should match equal's phrasing; if they are intentionally single-value only, that constraint should be stated explicitly.

Suggested change
| `equal` | The attribute equals any of the values. |
| `notEqual` | The attribute does not equal the value. |
| `contains` | The attribute contains any of the values as a substring. |
| `notContains` | The attribute does not contain any of the values. |
| `startsWith` | The attribute starts with the value. |
| `notStartsWith` | The attribute does not start with the value. |
| `endsWith` | The attribute ends with the value. |
| `notEndsWith` | The attribute does not end with the value. |
| `equal` | The attribute equals any of the values. |
| `notEqual` | The attribute does not equal any of the values. |
| `contains` | The attribute contains any of the values as a substring. |
| `notContains` | The attribute does not contain any of the values. |
| `startsWith` | The attribute starts with any of the values. |
| `notStartsWith` | The attribute does not start with any of the values. |
| `endsWith` | The attribute ends with any of the values. |
| `notEndsWith` | The attribute does not end with any of the values. |
Prompt To Fix With AI
This is a comment left during a code review.
Path: src/routes/docs/products/firewall/conditions/+page.markdoc
Line: 38-45

Comment:
The `notEqual` operator description says "the value" (singular) while the analogous `equal` description says "any of the values." The same inconsistency appears in `startsWith`, `notStartsWith`, `endsWith`, and `notEndsWith`. Since the conditions structure always uses a `values` array, users who try to pass multiple values to `notEqual` or `startsWith` will be unsure whether that is supported. If these operators do accept multiple values, the descriptions should match `equal`'s phrasing; if they are intentionally single-value only, that constraint should be stated explicitly.

```suggestion
| `equal` | The attribute equals any of the values. |
| `notEqual` | The attribute does not equal any of the values. |
| `contains` | The attribute contains any of the values as a substring. |
| `notContains` | The attribute does not contain any of the values. |
| `startsWith` | The attribute starts with any of the values. |
| `notStartsWith` | The attribute does not start with any of the values. |
| `endsWith` | The attribute ends with any of the values. |
| `notEndsWith` | The attribute does not end with any of the values. |
```

How can I resolve this? If you propose a fix, please make it concise.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Fix in Claude Code Fix in Codex

Configure the rule:

1. Give the rule a name, for example `Block test IP`.
2. Select the resource the rule applies to. Choose one of your sites or functions.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 The quick start tells users to "Choose one of your sites or functions," but the rules/+page.markdoc anatomy table lists resourceType as covering "your project's APIs, functions, or sites." A user who wants to protect their Appwrite API endpoints will not know they can scope a rule to that resource type. If APIs are a valid resource type in the Console at launch, the quick start should mention it; if not yet supported, a brief note would set expectations correctly.

Suggested change
2. Select the resource the rule applies to. Choose one of your sites or functions.
2. Select the resource the rule applies to. Choose one of your sites, functions, or APIs.
Prompt To Fix With AI
This is a comment left during a code review.
Path: src/routes/docs/products/firewall/quick-start/+page.markdoc
Line: 16

Comment:
The quick start tells users to "Choose one of your sites or functions," but the `rules/+page.markdoc` anatomy table lists `resourceType` as covering "your project's APIs, functions, or sites." A user who wants to protect their Appwrite API endpoints will not know they can scope a rule to that resource type. If APIs are a valid resource type in the Console at launch, the quick start should mention it; if not yet supported, a brief note would set expectations correctly.

```suggestion
2. Select the resource the rule applies to. Choose one of your sites, functions, or APIs.
```

How can I resolve this? If you propose a fix, please make it concise.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Fix in Claude Code Fix in Codex

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant