Simplify rules based on a set of possible addresses

[cataphract]

The WAF runs on logs processing with only a few addresses ever pushed. It would likely result in a substantial performance improvement if the rules could be stripped of all addresses that will never be pushed, and rules with no addresses left removed.

This could be implemented as a new option when rules are loaded, or, perhaps a worse option, as a tool to preprocess the rules file.

[Anilm3]

Removing rules based on the available addresses would make sense, as a feature within the WAF, if the set of available addresses changes frequently enough that having a limited ruleset becomes an operational burden. Otherwise, it's simple enough to preprocess a ruleset and eliminate irrelevant rules before passing them to the WAF.

In any case, in the future I plan to explore an alternative way of processing rules which will be based on the available addresses, so perhaps the performance impact of irrelevant rules will be negligible then.