Closed by splitice 9 years ago
You're right, it is essentially the same function as the ngx_http_access_module; it still exists from when I built a cloud WAF as a service for my Master's thesis. It probably doesn't serve much purpose at this point, but the cost of it is minimal, so I don't see the harm in leaving it - someone might get some use out of it someday. If you're looking to squeeze performance and avoid inefficiency, you can always ignore the 10000 ruleset that checks these ACLs.
If it has a purpose it's fine. I figured I might have been missing something (KISS and all).
If it's the same as allow/deny in function (well, less, since allow/deny has CIDRs and compares as netmask very quickly) it's probably something to look at.
Oh and I'll be sure to read your thesis. Probably a very good place to start.
Can I ask the reason for an explicit whitelist / blacklist? From my understanding it would function the same as using allow/deny from the nginx access module, which are always executed before Lua. The main application I have brainstormed is when integrating into a larger application (like we are looking to do). Such an application is likely rare, and in most cases such a system would want to do this outside of the WAF layer for additional control.
Thanks