Bhavy Yadav, posted on May 31

# What Happens in 2 Milliseconds: Anatomy of a Single HTTP Request Through a Production WAF

Tags: #webdev #go #backend #security

The rule engine is not the hard part. Everyone builds a rule engine. The hard part is deciding what order the checks run in — because the difference between a hash map lookup and a regex match is two orders of magnitude, and you're doing this on every single request.

Six-stage pipeline. Production. 50+ client websites, 100K+ daily requests. I'll trace one request through all of it.

```http
POST /api/login HTTP/1.1
Host: client-website.com
User-Agent: python-requests/2.28.0
Content-Type: application/json
X-Forwarded-For: 185.220.101.45

{"username":"admin' OR '1'='1' --","password":"anything"}
```

Four problems: Tor exit node IP, automation library User-Agent, no Accept header, SQL injection payload. It gets blocked at stage 4. But all six stages matter.

## The Pipeline

```go
func (waf *WAF) Handle(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ctx := &RequestContext{
			IP:    extractIP(r),
			Start: time.Now(),
		}

		// Stage 1: IP reputation — cheapest check, runs first
		ipScore := waf.reputation.Score(ctx.IP)
		ctx.Score += ipScore
		if ctx.Score >= 100 {
			waf.block(w, r, ctx, Decision{Code: 403, Reason: "blocklist"})
			return
		}

		// Stage 2: Rate limiting
		if allowed := waf.limiter.Allow(ctx.IP); !allowed {
			ctx.Score += 25
			ctx.RateLimited = true
		}

		// Stage 3: Header inspection
		headerScore, hardBlock := waf.inspectHeaders(r)
		ctx.Score += headerScore
		if hardBlock != "" {
			waf.block(w, r, ctx, Decision{Code: 400, Reason: hardBlock})
			return
		}

		// Stage 4: Rule engine — most expensive, runs last
		body, _ := io.ReadAll(r.Body)
		r.Body = io.NopCloser(bytes.NewReader(body))
		ctx.Matches = waf.rules.Evaluate(r, body)

		// Stage 5: D
```
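The cost-ordered pipeline above, as an added, self-contained example that is not the article's code: the same four visible stages (reputation lookup, rate limit, header inspection, rule engine), each cheaper one running before the more expensive one, evaluated against the article's sample request. Every name here (`Pipeline`, `Decision`, `stageRateLimit`, `stageHeaders`, `Evaluate`, `SampleRequest`), every score and threshold, and the single rule-engine pattern are assumptions constructed for this example. It also makes two choices the article's handler leaves open: the body read is bounded and its error is handled rather than discarded, and the client IP is taken from the socket peer, since `X-Forwarded-For` is only trustworthy behind a proxy you control.

```go
// Added example, not the article's code: every name, threshold and rule below is a constructed assumption.
package main

import (
	"bytes"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
	"sync"
	"time"
)

// Decision records which stage decided the request, and why.
type Decision struct{ Code, Stage, Score int; Reason string }

const rateLimit, rateWindow = 5, time.Minute // Stage 2 parameters (constructed)

type Pipeline struct {
	blocklist map[string]int   // Stage 1: IP -> reputation score, one map lookup
	mu        sync.Mutex       // guards counts
	counts    map[string]int   // Stage 2: requests seen per IP per window
	rules     []*regexp.Regexp // Stage 4: compiled regexes, the expensive part
}

func NewPipeline() *Pipeline {
	return &Pipeline{
		blocklist: map[string]int{"185.220.101.45": 40}, // constructed: a Tor exit, penalised but not blocked alone
		counts:    map[string]int{},
		rules:     []*regexp.Regexp{regexp.MustCompile(`(?i)'\s*or\s*'?\d+'?\s*=\s*'?\d+`)}, // quoted tautology
	}
}

// stageRateLimit is a fixed-window counter (old windows are not evicted here).
func (p *Pipeline) stageRateLimit(ip string, now time.Time) bool {
	p.mu.Lock()
	defer p.mu.Unlock()
	key := ip + "|" + now.Truncate(rateWindow).String()
	p.counts[key]++
	return p.counts[key] <= rateLimit
}

// stageHeaders returns a soft score and, for malformed requests, a hard-block reason.
func (p *Pipeline) stageHeaders(r *http.Request) (score int, hardBlock string) {
	ua := strings.ToLower(r.UserAgent())
	if ua == "" {
		return 0, "missing-user-agent"
	}
	if strings.Contains(ua, "python-requests") || strings.Contains(ua, "curl/") {
		score += 20 // automation-library signature
	}
	if r.Header.Get("Accept") == "" {
		score += 10 // browsers always send Accept
	}
	return score, ""
}

// Evaluate runs the stages cheapest-first and stops at the first hard block.
func (p *Pipeline) Evaluate(r *http.Request, now time.Time) Decision {
	// Socket peer only: X-Forwarded-For is honoured solely behind a proxy you control.
	ip, _, _ := net.SplitHostPort(r.RemoteAddr)
	score := p.blocklist[ip] // Stage 1
	if score >= 100 {
		return Decision{Code: 403, Reason: "blocklist", Stage: 1, Score: score}
	}
	if !p.stageRateLimit(ip, now) { // Stage 2: a soft signal, not a hard block
		score += 25
	}
	hs, hard := p.stageHeaders(r) // Stage 3
	if score += hs; hard != "" {
		return Decision{Code: 400, Reason: hard, Stage: 3, Score: score}
	}
	// Stage 4: bound the body so the costliest stage never scans unbounded input, and reject an unreadable one.
	body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
	if err != nil {
		return Decision{Code: 400, Reason: "unreadable-body", Stage: 4, Score: score}
	}
	r.Body = io.NopCloser(bytes.NewReader(body)) // hand the body back to the app
	for _, re := range p.rules {
		if re.MatchString(r.URL.RawQuery) || re.Match(body) {
			score += 50 // each matched rule is a strong signal
		}
	}
	if score >= 100 {
		return Decision{Code: 403, Reason: "score-threshold", Stage: 4, Score: score}
	}
	return Decision{Code: 200, Stage: 4, Score: score}
}

// SampleRequest rebuilds the article's request (constructed from its text).
func SampleRequest() *http.Request {
	body := `{"username":"admin' OR '1'='1' --","password":"anything"}`
	r := httptest.NewRequest("POST", "http://client-website.com/api/login", strings.NewReader(body))
	r.RemoteAddr = "185.220.101.45:51234" // the article's X-Forwarded-For value, as the socket peer here
	r.Header.Set("User-Agent", "python-requests/2.28.0")
	return r
}
```

Calling `NewPipeline().Evaluate(SampleRequest(), time.Now())` yields a stage-4 403 with a score of 120: 40 from reputation, 20 for the automation User-Agent, 10 for the missing Accept header, and 50 for the matched rule, which is what the article describes. A request with no User-Agent at all is rejected at stage 3 with a 400 before any regex runs, and a request that merely exceeds the rate limit only gains 25 points, so the regex stage still decides it.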
Source: Dev.to (dev.to)