Comments in firewall rule expressions

I have some pretty long firewall rules and it would be nice if the expression language supported (block) comments. This should be pretty straightforward to implement. Please do allow nested comments.

You have my vote.

Comments were suggested a year ago but so far Cloudflare was not too fond of the idea. The argument has been that a firewall rule is limited in its length and hence that should not be “wasted” with comments. Personally I can't follow that argument but that's all I got so far 🙂


Gee. I hope that’s not Cloudflare’s official position.

By the way, you can add “junk” subexpressions at appropriate places as “poor man’s comments”.

If there’s a subexpression φ that is several subexpressions “and’ed” together, you can “and” it with an additional ("comment" ne ""), which is a tautology and doesn’t change the value of φ.

Similarly if φ is several subexpressions “or’ed” together, you can add a ("comment" eq "") (which is always false) instead.

True, but I’d consider that as too error prone for a viable solution.

That’s our initial feedback, yes. It might be something we implement in the future, however we have to consider it carefully.

I mean, what length limitations are you worried about? Text expressions are pretty compressible, and comments are certainly a lot easier to strip out than junk subexpressions even if you don’t compile the rules to more compact forms. In any case we’re limited to merely 5 free rules.

There seems to be a 4 KB limit in place, which should be plenty IMHO, even including comments. If somebody really hits that limit they can always strip that one rule of its comments.

I am afraid I never could follow that argument either.

Let’s push it a bit.

@alexcf, @mdemoura, any possible movement in this area?
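
Added example, not part of any post in this thread and not Cloudflare code: a local pre-deploy step that keeps commented rule sources in version control and strips nested block comments before the expression is pasted or uploaded, so the comments never count against the rule size. The `/* ... */` syntax is hypothetical (the expression language does not accept it), string literals are assumed to be double-quoted with backslash escapes, and the 4096-byte cap is taken from the "4 KB limit" mentioned above.

```python
MAX_RULE_BYTES = 4096  # assumption: the "4 KB limit" mentioned in the thread

# Constructed sample; the /* ... */ syntax is hypothetical, not Cloudflare's.
SAMPLE = '''
/* login protection /* nested: reviewed by ops */ still a comment */
(http.request.uri.path eq "/login"   /* exact match */
 and http.user_agent contains "/*bot*/")  /* that literal is kept */
'''

def strip_comments(src):
    """Drop nested /* */ comments, keep "..." literals, collapse whitespace."""
    out, depth, in_string, i = [], 0, False, 0

    def space():  # emit at most one separating space
        if out and out[-1] != " ":
            out.append(" ")

    while i < len(src):
        ch, two = src[i], src[i:i + 2]
        if in_string:
            out.append(ch)
            if ch == "\\" and i + 1 < len(src):
                i += 1
                out.append(src[i])  # keep the escaped character verbatim
            elif ch == '"':
                in_string = False
        elif two == "/*":
            depth += 1
            i += 1
        elif two == "*/":
            if depth == 0:
                raise ValueError(f"unmatched */ at offset {i}")
            depth -= 1
            i += 1
            if depth == 0:
                space()  # keep tokens on either side of the comment apart
        elif depth == 0:
            if ch.isspace():
                space()
            else:
                out.append(ch)
                in_string = ch == '"'
        i += 1
    if depth or in_string:
        raise ValueError("unterminated comment or string literal")
    return "".join(out).strip()

def deployable(src):
    """Return the comment-free rule, refusing one over the size limit."""
    rule = strip_comments(src)
    if len(rule.encode("utf-8")) > MAX_RULE_BYTES:
        raise ValueError("rule exceeds size limit even without comments")
    return rule
```

Unlike the tautology trick, a stripped comment cannot change the rule's logic, and an unbalanced comment fails loudly instead of silently altering what the rule matches.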