US Patent 10063519 Automatically optimizing web application firewall rule sets

In one embodiment, a rule optimization application optimizes a rule set that a firewall applies to protect web applications from on-line attacks. The rule optimization application identifies a completed filtering operation that is associated with applying a rule to a request to access a web application received from a client. The rule optimization application then estimates a quality score for the rule based on the completed filtering operation and a reputation value for the client that indicates a likelihood that the client is legitimate. Subsequently, the rule optimization application determines that the quality score does not satisfy a predetermined quality criterion and disables the rule in the rule set to generate a updated, optimized rule set for the web application. Advantageously, the quality criterion may configure the rule optimization application to automatically update the rule set to reduce the number of legitimate requests that are blocked by the rule set.