A powerful free and open source WAF – UUSEC WAF (github.com)
risson 82 days ago [-]
Those guys are also opening "ad" issues on unrelated repositories[0]. Adding that to what others mentioned, it really doesn't inspire confidence in the software.

[0] https://github.com/goauthentik/authentik/issues/13521

throwaway2016a 82 days ago [-]
When I saw that link I thought maybe it was one of those: "add X to the recommended libraries list" PRs or something like that. But this is wild... it's literally an advertisement.
uusec 80 days ago [-]
Sorry for disturbing you, we just want to let more people know about it and benefit from it!
gus_massa 80 days ago [-]
That will burn any goodwill in the GitHub community and here. People will get angry and flag ads, but also ignore or flag good articles.
ssddanbrown 82 days ago [-]
The license used [1] would mean this very much wouldn't be widely considered open source, since the license sets limits on use and does not seem to provide open modification nor distribution.

[1] https://github.com/Safe3/uuWAF/blob/393262d525d0e35c14819bfa...

tomku 82 days ago [-]
I don't think it's even source-available? The repo has docs, a bunch of Lua scripts (for what software?), a small PHP module and a compiled "geo-ip firewall" binary. Most of the features mentioned on the GitHub page appear to only be in the paid version of the software, and this limited "free" version is delivered as a mystery-meat Docker image pulled from Huawei Cloud.

At best this is an advertisement that lies about being open source.

uusec 80 days ago [-]
This is partly open sourced, not fully. All the rules are open sourced. We use Huawei Cloud because downloading from its Docker mirrors is faster.
uusec 80 days ago [-]
The community version is totally free for personal use.
ubrpwnzr 82 days ago [-]
The docker images it builds from are on Huawei cloud? I’d approach this with caution.
chucky_z 82 days ago [-]
I would take this as two things at once, from personal opinion:

- There is probably a PRC backdoor somewhere in this

- This is probably very high quality software

I've dealt with Huawei security a little bit and in general Huawei as a company is really serious about security and handles low-level/deep security software pretty well.

Also based on what the top commenter posted about the license... I don't know how usable this actually is for anyone, lol.

uusec 80 days ago [-]
Complete prejudice and lies. Why would those from China have backdoors while those from the United States are very secure? At least publicly available information shows that Huawei has never intentionally left backdoors, while the NSA in the United States is notorious!
uusec 80 days ago [-]
If you suspect there is a backdoor, please provide concrete evidence instead of imagination and false accusations.
uusec 80 days ago [-]
We use it just because downloading from the Docker mirrors on Huawei Cloud is faster. What's your problem with Huawei?
Sparkyte 82 days ago [-]
I have growing concerns with the increased costs of WAFs. I am certainly not getting excited about how expensive things are getting from places like Akamai and CloudFront. I'm just idly waiting to see where things land. An open source solution is nice, although the costs for infrastructure do crank up. Wonder how this compares to Fastly?

I see others mention it isn't truly free even if open source. Is this thread an ad?

uusec 80 days ago [-]
The community version is totally free for personal use.
uusec 80 days ago [-]
This is partly open sourced, not fully.
sourtrident 82 days ago [-]
It's wild to see machine learning baked right into a free WAF - feels like having an AI watchdog that never sleeps. Curious to see how this shifts the security landscape long-term, especially for startups that can't afford heavyweight protection systems.
HumanOstrich 82 days ago [-]
All your comments read like they're generated by an LLM from a template.
mfro 82 days ago [-]
Definitely a bot.
uusec 80 days ago [-]
The machine learning is only in the pro version. Why so much prejudice?
pluto_modadic 82 days ago [-]
How does this compare to, say, https://github.com/corazawaf/coraza (Apache licensed, either embeddable as a library, as an nginx or caddy plugin, or standalone)?
uusec 80 days ago [-]
Coraza is a Go version of ModSecurity, with the same problems as ModSecurity: too many false positives and false negatives.
arunc 82 days ago [-]
Just curious, how do you test and benchmark the accuracy for such a product across different vendors, like Cloudflare?
uusec 80 days ago [-]
Anyway, you can install it and test it yourself!
curtisszmania 82 days ago [-]
[dead]
uusec 80 days ago [-]
People who have truly used it can express their opinions. Whoever uses it, says it!
uusec 83 days ago [-]
[flagged]
HumanOstrich 82 days ago [-]
You already used this spam text in your spam issues you opened in other people's repos. Can't you get your LLM to generate some variety at least?
jacobmarble 82 days ago [-]
This reads like LLM generated text.
uusec 80 days ago [-]
Lies stop at the wise; only those who have used them have the right to speak.