How we made Firewall Rules
The text discusses the evolution of Cloudflare's firewall features, from IP Access Rules to Page Rules and eventually to the development of Firewall Rules. It explains how a new matching engine written in Rust was created to power Firewall Rules, providing a fast way to compute whether a request matches a rule that can contain multiple properties as well as pattern matching. The text also covers the challenges faced during this process, such as handling specificity and mutual exclusion of rules, and how they were overcome by introducing a priority value for ordering and grouping Firewall Rules. It concludes with an outlook on future possibilities for the firewall, including extending its capabilities beyond HTTP to other application protocols or even layer 4.
Company: Cloudflare
Date published: March 4, 2019
Author(s): David Kitchen
Word count: 3415
Hacker News points: None found.
Language: English