How we made Firewall Rules

What's this blog post about?

The text traces the evolution of Cloudflare's firewall features from IP Access Rules to Page Rules and eventually to Firewall Rules. It explains how a new matching engine, written in Rust, was created to power Firewall Rules, providing a fast way to compute whether a request matches a rule that can contain multiple properties as well as pattern matching. The text also covers the challenges faced during this process, such as handling specificity and mutual exclusion of rules, and how they were overcome by introducing a priority value for ordering and grouping Firewall Rules. It concludes with an outlook on future possibilities for the firewall, including extending its capabilities beyond HTTP to other application protocols or even layer 4.

Company
Cloudflare

Date published
March 4, 2019

Author(s)
David Kitchen

Word count
3415

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.