A powerful free and open source WAF – UUSEC WAF (github.com)
risson 112 days ago [-]
Those guys are also opening "ad" issues on unrelated repositories[0]. Adding that to what others mentioned, it really doesn't inspire confidence in the software.

[0] https://github.com/goauthentik/authentik/issues/13521

throwaway2016a 111 days ago [-]
When I saw that link I thought maybe it was one of those: "add X to the recommended libraries list" PRs or something like that. But this is wild... it's literally an advertisement.
uusec 109 days ago [-]
Sorry for disturbing you, we just want to let more people know about it and benefit from it!
gus_massa 109 days ago [-]
That will burn any goodwill in the GitHub community and here. People will get angry and flag ads, but also ignore or flag good articles.
ssddanbrown 112 days ago [-]
The license used [1] would mean this very much wouldn't be widely considered open source, since the license sets limits on use and does not seem to provide open modification nor distribution.

[1] https://github.com/Safe3/uuWAF/blob/393262d525d0e35c14819bfa...

tomku 112 days ago [-]
I don't think it's even source-available? The repo has docs, a bunch of Lua scripts (for what software?), a small PHP module and a compiled "geo-ip firewall" binary. Most of the features mentioned on the GitHub page appear to only be in the paid version of the software, and this limited "free" version is delivered as a mystery-meat Docker image pulled from Huawei Cloud.

At best this is an advertisement that lies about being open source.

uusec 109 days ago [-]
This is partly open sourced, not fully. All the rules are open sourced. Because downloading the Docker mirrors from Huawei Cloud is faster, we use it.
uusec 109 days ago [-]
It's totally free for personal use for the community version.
ubrpwnzr 112 days ago [-]
The docker images it builds from are on Huawei cloud? I’d approach this with caution.
chucky_z 112 days ago [-]
I would take this as two things at once, from personal opinion:

- There is probably a PRC backdoor somewhere in this

- This is probably very high quality software

I've dealt with Huawei security a little bit and in general Huawei as a company is really serious about security and handles low-level/deep security software pretty well.

Also based on what the top commenter posted about the license... I don't know how usable this actually is for anyone, lol.

uusec 109 days ago [-]
Complete prejudice and lies, why do those from China have backdoors and those from the United States are very secure? At least publicly available information shows that Huawei has never intentionally left backdoors, while the NSA in the United States is notorious!
uusec 109 days ago [-]
If you suspect there is a backdoor, please provide concrete evidence instead of imagination and false accusations
uusec 109 days ago [-]
We use it just because downloading the Docker mirrors from Huawei Cloud is faster. What's your problem with Huawei?
Sparkyte 112 days ago [-]
I have growing concerns with the increased costs of WAFs. I am certainly not getting excited about how expensive things are getting from places like Akamai and CloudFront. I'm just idly waiting to see where things land. An open source solution is nice although the costs for infrastructure do crank up. Wonder how this compares to Fastly?

I see others mention it isn't truly free even if open source, is this thread an ad?

uusec 109 days ago [-]
It's totally free for personal use for the community version.
uusec 109 days ago [-]
This is partly open sourced, not fully
sourtrident 112 days ago [-]
It's wild to see machine learning baked right into a free WAF - feels like having an AI watchdog that never sleeps. Curious to see how this shifts the security landscape long-term, especially for startups that can't afford heavyweight protection systems.
HumanOstrich 112 days ago [-]
All your comments read like they're generated by an LLM from a template.
mfro 111 days ago [-]
Definitely a bot.
uusec 109 days ago [-]
The machine learning is only for the pro version, why so much prejudice?
pluto_modadic 112 days ago [-]
How does this compare to, say, https://github.com/corazawaf/coraza (Apache licensed, either embeddable as a library, as an nginx or caddy plugin, or standalone)?
uusec 109 days ago [-]
Coraza is a Go version of ModSecurity, with the same problems as ModSecurity: too many false positives and false negatives.
arunc 112 days ago [-]
Just curious, how do you test and benchmark the accuracy for such a product across different vendors, like Cloudflare?
uusec 109 days ago [-]
Anyway, you can install it and test it yourself!
curtisszmania 112 days ago [-]
[dead]
uusec 109 days ago [-]
People who have truly used it can express their opinions. Whoever uses it, says it!
uusec 113 days ago [-]
[flagged]
HumanOstrich 112 days ago [-]
You already used this spam text in your spam issues you opened in other people's repos. Can't you get your LLM to generate some variety at least?
jacobmarble 112 days ago [-]
This reads like LLM generated text.
uusec 109 days ago [-]
Lies stop at the wise, only those who have used them have the right to speak