Baffle-WAF/baffle-hub
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Use network IDS, rather than the CIDR containment method

Browse Source
This commit is contained in:
Dan Milne
2025-11-17 21:45:41 +11:00
parent 4964d1a190
commit de1cf0b237
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/controllers/network_ranges_controller.rb
View File

@@ -245,8 +245,10 @@ class NetworkRangesController < ApplicationController
if network_range.persisted? if network_range.persisted?
# Real network - use cached events_count for total requests (much more performant) # Real network - use cached events_count for total requests (much more performant)
if network_range.events_count > 0 if network_range.events_count > 0
# Base query for consistent IP containment logic # Use indexed network_range_id for much better performance instead of expensive CIDR operator
base_query = Event.where("ip_address <<= ?", network_range.cidr) # Include child network ranges to capture all traffic within this network block
network_ids = [network_range.id] + network_range.child_ranges.pluck(:id)
base_query = Event.where(network_range_id: network_ids)
# Use separate queries: one for grouping (without ordering), one for recent activity (with ordering) # Use separate queries: one for grouping (without ordering), one for recent activity (with ordering)
events_for_grouping = base_query.limit(1000) events_for_grouping = base_query.limit(1000)