Those guys are also opening "ad" issues on unrelated repositories[0]. Adding that to what others mentioned, it really doesn't inspire confidence in the software
The license used [1] would mean this very much wouldn't be widely considered open source, since the license sets limits on use and does not seem to provide open modification nor distribution.
I don't think it's even source-available? The repo has docs, a bunch of Lua scripts (for what software?), a small PHP module and a compiled "geo-ip firewall" binary. Most of the features mentioned on the Github page appear to only be in the paid version of the software, and this limited "free" version is delivered as a mystery-meat Docker image pulled from Huawei Cloud.
At best this is an advertisement that lies about being open source.
ubrpwnzr 22 hours ago [-]
The docker images it builds from are on Huawei cloud? I’d approach this with caution.
chucky_z 21 hours ago [-]
I would take this as two things at once, from personal opinion:
- There is probably a PRC backdoor somewhere in this
- This is probably very high quality software
I've dealt with Huawei security a little bit and in general Huawei as a company is really serious about security and handles low-level/deep security software pretty well.
Also based on what the top commenter posted about the license... I don't know how usable this actually is for anyone, lol.
Sparkyte 19 hours ago [-]
I have growing concerns with the increased costs of WAFs. I am certainly not getting excited about how expensive things are getting from places like Akamai and Cloudfront. I'm just idly waiting to see where things land. An OpenSource solution is nice although the costs for infrastructure do crank up. Wonder how this compares to Fastly?
I see others mention it isn't a truly free even if Open Source, is this thread an ad?
sourtrident 19 hours ago [-]
It's wild to see machine learning baked right into a free WAF - feels like having an AI watchdog that never sleeps. Curious to see how this shifts the security landscape long-term, especially for startups that can't afford heavyweight protection systems.
HumanOstrich 17 hours ago [-]
All your comments read like they're generated by an LLM from a template.
mfro 42 minutes ago [-]
Definitely a bot.
arunc 20 hours ago [-]
Just curious, how do you test and benchmark the accuracy for such a product across different vendors, like CloudFlare?
pluto_modadic 21 hours ago [-]
how does this compare to, say, https://github.com/corazawaf/coraza (Apache licensed, either embeddable as a library, as an nginx or caddy plugin, or standalone?)
curtisszmania 21 hours ago [-]
[dead]
uusec 1 days ago [-]
[flagged]
HumanOstrich 17 hours ago [-]
You already used this spam text in your spam issues you opened in other people's repos. Can't you get your LLM to generate some variety at least?
jacobmarble 20 hours ago [-]
This reads like LLM generated text.
Rendered at 14:31:33 GMT+0000 (Coordinated Universal Time) with Vercel.
https://github.com/goauthentik/authentik/issues/13521
[1] https://github.com/Safe3/uuWAF/blob/393262d525d0e35c14819bfa...
At best this is an advertisement that lies about being open source.
- There is probably a PRC backdoor somewhere in this
- This is probably very high quality software
I've dealt with Huawei security a little bit and in general Huawei as a company is really serious about security and handles low-level/deep security software pretty well.
Also based on what the top commenter posted about the license... I don't know how usable this actually is for anyone, lol.
I see others mention it isn't a truly free even if Open Source, is this thread an ad?