DEV Community

nosec
nosec

Posted on

One of the top free WAF for Web Application Security: UUSEC WAF

#opensource #cybersecurity #devops #webdev

UUSEC WAF Web Application Firewall is an industrial grade free, high-performance, and highly scalable web application and API security protection product that supports AI and semantic engines. It is a comprehensive website protection product launched by UUSEC Technology, which first realizes the three-layer defense function of traffic layer, system layer, and runtime layer.

Screenshot

Today, let’s dive into UUSEC WAF, a powerful and free open-source WAF.

The host version installation:
System requirements: RHEL 7 and above are compatible with x86_64 systems, such as CentOS, Rocky Linux, AlmaLinux, etc.

sudo yum install -y ca-certificates
curl https://uuwaf.uusec.com/waf-install -o waf-install && sudo bash ./waf-install && rm -f ./waf-install
Enter fullscreen mode Exit fullscreen mode

After successful installation, it will display "Congratulations, successful installation".

The docker version installation:
Software dependencies: Docker version 20.10.14 or above, Docker Compose version 2.0.0 or above, lower versions may cause SQL data to be unable to be imported, resulting in login issues in the UUSEC WAF management.
If you encounter the inability to automatically install Docker Engine, please install it manually.

curl -fsSL https://uuwaf.uusec.com/waf.tgz -o waf.tgz && tar -zxf waf.tgz && sudo bash ./waf/uuwaf.sh
Enter fullscreen mode Exit fullscreen mode

Subsequently, bash ./waf/uuwaf.sh is used to manage the UUSEC WAF container, including starting, stopping, updating, uninstalling, etc.

Quick Start:

  1. Login to the management: Access https://ip:4443 ,the IP address is the server IP address for installing the UUSEC WAF, the default username is "admin", and the default password is "Passw0rd!".
  2. Add a site: Go to the "Sites" menu, click the "Add Site" button, and follow the prompts to add the site domain name and website server IP.
  3. Add SSL certificate: Go to the certificate management menu, click the "Add Certificate" button, and upload the HTTPS certificate and private key file of the domain name. If you do not add an SSL certificate, the UUSEC WAF will automatically attempt to apply for a Let's Encrypt free SSL certificate and renew it automatically before the certificate expires.
  4. Change the DNS address of the domain: Go to the domain name service provider's management backend and change the IP address recorded in the DNS A of the domain name to the IP address of the UUSEC WAF server.
  5. Test connectivity: Visit the site domain to see if the website can be opened, and check if the returned HTTP header server field is uuWAF.

Website: https://uuwaf.uusec.com/
GitHub: https://github.com/Safe3/uuWAF

Top comments (0)

Read next

keploy profile image

Understanding the HTTP 500 Internal Server Error: Causes, Solutions, and Prevention

keploy -

visdom_04_88f1c6e8a47fe74 profile image

Agentic Mesh: Pioneering the Future of Autonomous Agent Ecosystems

VISDOM 04 -

razaulhaque1334 profile image

Software knowledge

Md. Razaul Haque -

bytefer profile image

Top 8 Most Popular Open-Source Next.js Boilerplates/Starter

Bytefer -