p0pr0ck5 / lua-resty-waf

High-performance WAF built on the OpenResty stack
GNU General Public License v3.0
1.28k stars 305 forks

whitelist/blacklist #37

Closed splitice closed 9 years ago

splitice commented 9 years ago

Can I ask the reason for an explicit whitelist / blacklist? From my understanding it would function the same as using allow/deny from the nginx access module which are always executed before LUA.

The main application I have brainstormed is when integrating into a larger application (like we are looking to do). Such an application is likely rare, and in most cases such a system would want to do this outside of the WAF layer for additional control.

Thanks

p0pr0ck5 commented 9 years ago

You're right, it is essentially the same function as the ngx_http_access_module; it still exists from when I built a cloud WAF as a service for my Master's thesis. It probably doesn't serve much purpose at this point, but the cost of it is minimal, so I don't see the harm in leaving it- someone might get some use out of it someday. If you're looking to squeeze performance and avoid inefficiency, you can always ignore the 10000 ruleset that checks these ACLs.
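As an added illustration (not code from this issue or from the lua-resty-waf project) of the alternative both commenters describe: the same IP ACL expressed with `allow`/`deny` from ngx_http_access_module, which nginx evaluates before `access_by_lua`, so a denied client never reaches the WAF at all. The addresses are constructed placeholders, and the `resty.waf` instantiation inside the Lua block is assumed from the project's README rather than taken from this page.

```nginx
location / {
    # ngx_http_access_module rules are checked top to bottom and the first
    # match wins. They run in the access phase ahead of access_by_lua, so
    # a denied request is answered with 403 without executing any Lua.
    deny  198.51.100.0/24;      # constructed example: a blocked IPv4 range
    deny  203.0.113.7;          # constructed example: a single blocked host
    deny  2001:db8:bad::/48;    # constructed example: IPv6 CIDR works the same way
    allow all;                  # everyone else proceeds to the WAF below

    # Only requests that passed the ACL above get here.
    # The instantiation pattern is assumed from the lua-resty-waf README.
    access_by_lua_block {
        local lua_resty_waf = require "resty.waf"
        local waf = lua_resty_waf:new()
        waf:exec()
    }
}
```

Because the ACL is resolved before Lua runs, the WAF's own whitelist/blacklist ruleset (10000) can be left out without losing the IP filtering.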

splitice commented 9 years ago

If it has a purpose it's fine, I figured I might have been missing something (KISS and all)

If it's the same as allow/deny in function (well, less, since allow/deny has CIDRs and compares as netmask very quickly) it's probably something to look at.

splitice commented 9 years ago

Oh and I'll be sure to read your thesis. Probably a very good place to start.