Simplify rules based on a set of possible addresses #71
Labels
enhancement
New feature or request
Comments
|
Removing rules based on the available addresses would make sense, as a feature within the WAF, if the set of available addresses changes frequently enough that having a limited ruleset becomes an operational burden. Otherwise, it's simple enough to preprocess a ruleset and eliminate irrelevant rules before passing them to the WAF. In any case, in the future I plan to explore an alternative way of processing rules which will be based on the available addresses, so perhaps the performance impact of irrelevant rules will be negligible then. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The WAF runs on logs processing with only a few addresses ever pushed. It would likely result in a substantial performance improvement if the rules could be stripped of all addresses that will never be pushed, and rules with no addresses left removed.
This could be implemented as a new option when rules are loaded, or, perhaps a worse option, as a tool to preprocess the rules file.
The text was updated successfully, but these errors were encountered: