Making the WAF 40% faster
Cloudflare has made significant performance improvements to its Web Application Firewall (WAF) by transitioning from PCRE to RE2 and implementing memoization. The WAF now uses a deterministic finite automaton instead of a backtracking algorithm, so execution time is linear in the size of the input. Memoization was also introduced to cache the output of function calls for reuse in future calls, leading to significant savings. These changes increased the cache hit percentage from 56% to 74% and produced a sharp decrease of 40% in the average time the WAF takes to process and analyze an HTTP request at the Cloudflare edge. The company is currently porting its Lua WAF to the same engine that powers Firewall Rules, which uses a filter syntax inspired by Wireshark®, for better performance and safety.
Company: Cloudflare
Date published: July 1, 2020
Author(s): Miguel de Moura
Word count: 1308
Hacker News points: 13
Language: English