A powerful free and open source WAF – UUSEC WAF(github.com)
github.com
A powerful free and open source WAF – UUSEC WAF
https://github.com/Safe3/uuWAF
31 comments
When I saw that link I thought maybe it was one of those: "add X to the recommended libraries list" PRs or something like that. But this is wild... it's literally an advertisement.
The license used [1] would mean this very much wouldn't be widely considered open source, since the license sets limits on use and does not seem to provide open modification nor distribution.
[1] https://github.com/Safe3/uuWAF/blob/393262d525d0e35c14819bfa...
[1] https://github.com/Safe3/uuWAF/blob/393262d525d0e35c14819bfa...
I don't think it's even source-available? The repo has docs, a bunch of Lua scripts (for what software?), a small PHP module and a compiled "geo-ip firewall" binary. Most of the features mentioned on the Github page appear to only be in the paid version of the software, and this limited "free" version is delivered as a mystery-meat Docker image pulled from Huawei Cloud.
At best this is an advertisement that lies about being open source.
At best this is an advertisement that lies about being open source.
This is partly open sourced, not fully. All the rules are open sourced. Because the docker mirrors downloading from Huawei Cloud is faster, so we use it.
It's totally free for personal using for the community version
The docker images it builds from are on Huawei cloud? I’d approach this with caution.
I would take this as two things at once, from personal opinion:
- There is probably a PRC backdoor somewhere in this
- This is probably very high quality software
I've dealt with Huawei security a little bit and in general Huawei as a company is really serious about security and handles low-level/deep security software pretty well.
Also based on what the top commenter posted about the license... I don't know how usable this actually is for anyone, lol.
- There is probably a PRC backdoor somewhere in this
- This is probably very high quality software
I've dealt with Huawei security a little bit and in general Huawei as a company is really serious about security and handles low-level/deep security software pretty well.
Also based on what the top commenter posted about the license... I don't know how usable this actually is for anyone, lol.
Complete prejudice and lies, why do those from China have backdoors and those from the United States are very secure? At least publicly available information shows that Huawei has never intentionally left backdoors, while the NSA in the United States is notorious!
If you suspect there is a backdoor, please provide concrete evidence instead of imagination and false accusations
Just because the docker mirrors downloading from Huawei Cloud is faster, so we use it. What's your problems with Huawei?
I have growing concerns with the increased costs of WAFs. I am certainly not getting excited about how expensive things are getting from places like Akamai and Cloudfront. I'm just idly waiting to see where things land. An OpenSource solution is nice although the costs for infrastructure do crank up. Wonder how this compares to Fastly?
I see others mention it isn't a truly free even if Open Source, is this thread an ad?
I see others mention it isn't a truly free even if Open Source, is this thread an ad?
It's wild to see machine learning baked right into a free WAF - feels like having an AI watchdog that never sleeps. Curious to see how this shifts the security landscape long-term, especially for startups that can't afford heavyweight protection systems.
All your comments read like they're generated by an LLM from a template.
Definitely a bot.
The machine learning is only for pro version, why so much prejudice?
how does this compare to, say, https://github.com/corazawaf/coraza (Apache licensed, either embeddable as a library, as an nginx or caddy plugin, or standalone?)
the coraza is a go version modsecurity, with the same problems as the modsecurity,too much false positives and false negatives
uusec(2)
https://github.com/goauthentik/authentik/issues/13521