We have some exciting news to share! The latest teler-waf release (v1.2.0-alpha.1) is now available, and we highly recommend upgrading to take advantage of its enhancements.
One of the standout features in this release is a substantial improvement 📈 in performance during the initialization and compilation of threat datasets. We've conducted benchmark tests comparing the previous version with the new release, and the results for each operation are quite impressive:
$ benchstat old.txt new.txt
goos: linux
goarch: amd64
pkg: github.com/kitabisa/teler-waf
cpu: 11th Gen Intel(R) Core(TM) i9-11900H @ 2.50GHz
│ old.txt │ new.txt │
│ sec/op │ sec/op vs base │
InitializeDefault-4 20.60m ± 5% 18.48m ± 13% -10.29% (p=0.009 n=10)
InitializeCommonWebAttack-4 20.70m ± 5% 18.53m ± 7% -10.49% (p=0.000 n=10)
InitializeCVE-4 21.97m ± 6% 18.90m ± 8% -13.99% (p=0.001 n=10)
InitializeBadIPAddress-4 20.61m ± 6% 20.05m ± 11% ~ (p=0.529 n=10)
InitializeBadReferrer-4 19.97m ± 6% 19.42m ± 9% ~ (p=0.353 n=10)
InitializeBadCrawler-4 21.23m ± 9% 18.98m ± 7% -10.56% (p=0.000 n=10)
InitializeDirectoryBruteforce-4 22.06m ± 9% 18.20m ± 6% -17.46% (p=0.000 n=10)
InitializeWithoutCommonWebAttack-4 21.34m ± 4% 19.18m ± 5% -10.13% (p=0.000 n=10)
InitializeWithoutCVE-4 21.93m ± 7% 19.53m ± 5% -10.94% (p=0.000 n=10)
InitializeWithoutBadIPAddress-4 20.39m ± 8% 20.07m ± 11% ~ (p=0.052 n=10)
InitializeWithoutBadReferrer-4 20.91m ± 5% 18.97m ± 5% -9.31% (p=0.000 n=10)
InitializeWithoutBadCrawler-4 20.63m ± 8% 19.35m ± 9% -6.22% (p=0.003 n=10)
InitializeWithoutDirectoryBruteforce-4 20.81m ± 5% 19.18m ± 9% -7.82% (p=0.005 n=10)
InitializeCustomRules-4 21.53m ± 6% 17.89m ± 7% -16.91% (p=0.000 n=10)
geomean 21.04m 19.04m -9.49%
│ old.txt │ new.txt │
│ B/op │ B/op vs base │
InitializeDefault-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.001 n=10)
InitializeCommonWebAttack-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeCVE-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeBadIPAddress-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeBadReferrer-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeBadCrawler-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeDirectoryBruteforce-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeWithoutCommonWebAttack-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeWithoutCVE-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeWithoutBadIPAddress-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeWithoutBadReferrer-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeWithoutBadCrawler-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeWithoutDirectoryBruteforce-4 42.63Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
InitializeCustomRules-4 42.64Mi ± 0% 38.66Mi ± 0% -9.33% (p=0.000 n=10)
geomean 42.63Mi 38.66Mi -9.33%
│ old.txt │ new.txt │
│ allocs/op │ allocs/op vs base │
InitializeDefault-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.001 n=10)
InitializeCommonWebAttack-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.000 n=10)
InitializeCVE-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.000 n=10)
InitializeBadIPAddress-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.000 n=10)
InitializeBadReferrer-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.000 n=10)
InitializeBadCrawler-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.000 n=10)
InitializeDirectoryBruteforce-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.000 n=10)
InitializeWithoutCommonWebAttack-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.000 n=10)
InitializeWithoutCVE-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.000 n=10)
InitializeWithoutBadIPAddress-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.000 n=10)
InitializeWithoutBadReferrer-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.000 n=10)
InitializeWithoutBadCrawler-4 114.23k ± 0% 86.86k ± 0% -23.96% (p=0.000 n=10)
InitializeWithoutDirectoryBruteforce-4 114.23k ± 0% 86.87k ± 0% -23.96% (p=0.000 n=10)
InitializeCustomRules-4 114.27k ± 0% 86.90k ± 0% -23.95% (p=0.000 n=10)
geomean 114.2k 86.87k -23.96%- Time has seen a 10.29% improvement ⏱
- Memory usage has been reduced by 9.33%
- Memory allocation has decreased by 23.96%
The reason behind this significant improvement is noteworthy: we've made substantial changes in how we handle threat detection. Specifically, we've eliminated the use of dual regexp engines and have moved away from relying on the built-in regexp engine for checking common web attacks and bad referrer threats. You can find more details here:
https://github.com/kitabisa/teler-waf/compare/v1.1.7...v1.2.0-alpha.1.
In summary, these performance outcomes clearly illustrate that the new version offers significantly enhanced performance, achieving an impressive
9.49% overall boost. 🚀 Upgrading to the latest version not only enhances the efficiency of your application but also elevates its security capabilities.