Performance issues when enabling AppFirewall
The following are the performance issues when AppFirewall is enabled:
A very tempting expression when configuring AppFirewall policies is the expression true. This is useful during troubleshooting, since it provides a guaranteed way for AppFirewall to trigger. However, if used in actual production, depending on how much traffic there is and how comprehensive the protection policies are, this can easily result in a significant performance hit. A better practice is to create policies that match the profile of requests, such as: HTTP.REQ.HOSTNAME.EQ("example.com").
Similarly, Regex, which is a particular favorite of administrators coming from the scripting world, is very tempting to use and is sometimes absolutely necessary to achieve a certain level of flexibility. However, Regex also has a performance impact when applied to too many requests. Where possible, use literal matches and the fastmatch option we talked about in the Signatures section.
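
The two points above, the catch-all true rule versus a scoped rule and a literal match versus a regex, shown side by side as NetScaler CLI configuration. This is an added example, not taken from the original text; the profile and policy names (pr_example, pol_all, pol_example_app), the /app/ path and the priority 100 are hypothetical, and the lines starting with # are annotations for the reader.

```text
# Profile used by both policies (hypothetical name)
add appfw profile pr_example -defaults basic

# --- Troubleshooting only ---
# The rule "true" matches every request that reaches the appliance,
# so every request is run through all checks enabled in the profile.
add appfw policy pol_all true pr_example
bind appfw global pol_all 100

# --- Production ---
# Remove the catch-all policy once troubleshooting is finished.
unbind appfw global pol_all
rm appfw policy pol_all

# Scope inspection to the protected application only.
# Both conditions are literal comparisons: an exact hostname and a
# path prefix.
add appfw policy pol_example_app "HTTP.REQ.HOSTNAME.EQ(\"example.com\") && HTTP.REQ.URL.PATH.STARTSWITH(\"/app/\")" pr_example
bind appfw global pol_example_app 100

# The same path condition written as a regex. It selects the same
# requests but costs a regex evaluation per request, so keep this
# form for cases a literal match cannot express.
# add appfw policy pol_example_app_re "HTTP.REQ.HOSTNAME.EQ(\"example.com\") && HTTP.REQ.URL.PATH.REGEX_MATCH(re#^/app/#)" pr_example

# Check the hit counter to confirm that only the intended traffic
# is being sent to AppFirewall.
show appfw policy pol_example_app
```

Requests that match no bound AppFirewall policy are not inspected, so make sure the scoped rule still covers every hostname and path that needs protection before removing the catch-all.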
A final performance...