Comments in firewall rule expressions

I have some pretty long firewall rules and it would be nice if the expression language supported (block) comments. This should be pretty straightforward to implement. Please do allow nested comments.

You have my vote.

Comments were suggested a year ago but so far Cloudflare was not too fond of the idea. The argument has been that a firewall rule is limited in its length and hence that should not be “wasted” with comments. Personally I can't follow that argument but that's all I've got so far :slight_smile:

@alexcf

limited in its length and hence that should not be “wasted” with comments

Gee. I hope that’s not Cloudflare’s official position.

By the way, you can add “junk” subexpressions at appropriate places as “poor man’s comments”.

If there’s a subexpression φ that is several subexpressions “and’ed” together, you can “and” it an additional ("comment" ne ""), which is a tautology and doesn’t change the value of φ.

Similarly if φ is several subexpressions “or’ed” together, you can add a ("comment" eq "") (which is always false) instead.

1 Like

True, but I’d consider that as too error prone for a viable solution.

That’s our initial feedback yes. It might be something we implement in the future, however we have to consider it carefully.

I mean, what length limitations are you worried about? Text expressions are pretty compressible, and comments are certainly a lot easier to strip out than junk subexpressions, even if you don't compile the rules to more compact forms. In any case we're limited to merely 5 free rules.

There seems to be a 4 KB limit in place, which should be plenty IMHO, even including comments. If somebody really hits that limit they can always strip that one rule of its comments.

I am afraid I never could follow that argument either.

1 Like

Let's push it a bit.

@alexcf, @mdemoura, any possible movement in this area?

@mdemoura, anything on this?

@mdemoura?

Inline comments or standalone notes are certainly useful.

I don’t believe there’s any technical reason we haven’t implemented this; we’ve just been working on a number of other new features, e.g. a new Cloudflare Web Application Firewall.

That said, I’ve just bumped the feature request for you :slightly_smiling_face:.

2 Likes

Thanks, appreciated. I understood what Alex was trying to say back then but could honestly not really follow the reasoning.

Anyhow, while missing comments are probably not a showstopper for firewall rules, I’d venture to say they would improve the user experience and it would be great if that feature was made available within a somewhat reasonable time frame. Thanks for bumping the request, and it would be great if you could post in the thread if there are any updates.

1 Like

Any update on this?

@mdemoura @smarsh @cloonan

Any update on this?

I have to manage rules with lists of IP addresses.

I would very much like to be able to annotate chunks of IP lists with notes on what they are.

Surely this is really really simple - have the “real” firewall rule stored with comments stripped, but have the annotated, commented rule stored in a shadow system/table that allows comments.

When editing the rule - it's pulled from live and from the shadow table - compared to make sure they are in sync. If they are, then I’m presented with the shadow commented version instead. I can update as I see fit.

When I save it - the shadow version is updated, and then the comments are removed and the live rule system is updated with the commentless version.

This means that no changes are required to the actual WAF system, it's just a bit of extra UI functionality for users and it would then allow us to have comments, which for a system like this seems essential really.

1 Like
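The shadow-table workflow described in the post above, as an added example that is not part of this thread or of Cloudflare's products: a stripper for nestable /* ... */ comments (the syntax is an assumption, since the expression language has none today) that leaves quoted literals untouched, plus the live-versus-shadow sync check.

```python
# Added example, not Cloudflare's code. Nestable /* ... */ comments and backslash
# escapes in "..." literals are assumptions; the rule language has no comments.

def strip_comments(expr: str) -> str:
    """Drop nested /* ... */ comments, collapse whitespace, keep "..." literals verbatim."""
    out, depth, in_string, i, n = [], 0, False, 0, len(expr)
    while i < n:
        ch = expr[i]
        if depth > 0:                        # inside a comment: only track nesting
            if expr.startswith("/*", i):
                depth, i = depth + 1, i + 2
            elif expr.startswith("*/", i):
                depth, i = depth - 1, i + 2
                if depth == 0 and out and out[-1] != " ":
                    out.append(" ")          # a comment separates tokens like a space
            else:
                i += 1
        elif in_string:                      # copy the literal verbatim
            step = 2 if ch == "\\" and i + 1 < n else 1   # assumed escape handling
            out.append(expr[i:i + step])
            in_string = ch != '"'
            i += step
        elif expr.startswith("/*", i):       # comment opens outside a string
            depth, i = 1, i + 2
        elif ch.isspace():                   # runs of whitespace become one space
            if out and out[-1] != " ":
                out.append(" ")
            i += 1
        else:
            in_string = ch == '"'
            out.append(ch)
            i += 1
    if depth or in_string:
        raise ValueError("unterminated comment or string literal")
    return "".join(out).strip()

def shadow_in_sync(live_expr: str, shadow_expr: str) -> bool:
    """Sync check from the post above: live rule == shadow rule with comments stripped."""
    return strip_comments(live_expr) == strip_comments(shadow_expr)

# Constructed sample: an annotated shadow rule and the comment-less live rule.
SHADOW_RULE = """
/* Office scanners /* nested note, ticket: PLACEHOLDER */ */
(ip.src in {203.0.113.0/24 198.51.100.7}   /* office ranges */
 and http.request.uri.path contains "/admin/*")   /* the literal is kept as-is */
"""
LIVE_RULE = ('(ip.src in {203.0.113.0/24 198.51.100.7} '
             'and http.request.uri.path contains "/admin/*")')
```

Note that the `/*` inside the quoted path is preserved, and the nested inner comment does not prematurely close the outer one.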

+1 for this. I am surprised it’s still outstanding years later as it should be very simple to implement.