WAF with Application Gateway in Azure - Time & Space Complexity

When using a Web Application Firewall (WAF) with Azure Application Gateway, it's important to understand how the processing time grows as more web requests come in.

We want to know how the number of requests affects the time the system takes to inspect and forward them.

Analyze the time complexity of processing incoming web requests through WAF-enabled Application Gateway.

// Pseudocode for request processing
foreach (request in incomingRequests) {
  wafResult = waf.inspect(request);
  if (wafResult == 'allowed') {
    applicationGateway.forward(request);
  } else {
    applicationGateway.block(request);
  }
}

This sequence shows each request being inspected by the WAF and then either forwarded or blocked by the Application Gateway.

Identify the API calls, resource provisioning, data transfers that repeat.

• Primary operation: WAF inspection of each incoming request.
• How many times: Once per request, for every request received.

As the number of incoming requests increases, the WAF inspects each one individually, so the total processing grows directly with the number of requests.

Input Size (n)	Approx. API Calls/Operations
10	10 WAF inspections + 10 forwards/blocks
100	100 WAF inspections + 100 forwards/blocks
1000	1000 WAF inspections + 1000 forwards/blocks

Pattern observation: The total operations increase in direct proportion to the number of requests.

Time Complexity: O(n)

This means the time to process requests grows linearly as more requests arrive.

[X] Wrong: "The WAF inspects all requests at once, so processing time stays the same no matter how many requests come in."

[OK] Correct: Each request is inspected separately, so more requests mean more inspections and more time.

Understanding how request volume affects processing time helps you design scalable and efficient cloud security solutions.

"What if the WAF used batch inspection for multiple requests at once? How would the time complexity change?"