Public/Safe3-uusec-waf
2
0
Fork 0
mirror of https://github.com/Safe3/uusec-waf.git synced 2025-10-04 15:01:55 +08:00
Code Issues Projects Releases Packages Wiki Activity
Safe3-uusec-waf/docs/guide/problems.md
UUSEC Technology 2e3220e385 Add REST API
2025-07-08 15:49:26 +08:00

3.7 KiB
Raw Permalink Blame History

FAQ

The development of UUSEC WAF cannot be separated from the support of every user in the community. Welcome to Github to click on a little star, here to collect common usage questions.

🍎 Why does a blocking page with rule ID -1 appear when accessing a website?

?> If the domain name is not configured in the UUSEC WAF site management, access to the UUSEC WAF will be blocked by default to prevent legal risks caused by black domain name pointing.

🍐 How to obtain the real IP address of the client through the UUSEC WAF proxy website?

?> The HTTP request header forwarded by the UUSEC WAF to the website will include an X-Waf-Ip field, whose value is the client IP, which can also be obtained through X-Forwarded-For.

🍑 How can upstream websites distinguish different sources of UUSEC WAF in cluster mode?

?> The X-Waf-Id field will be added to the HTTP request header forwarded by UUSEC WAF to the website. Its value is the ID value configured by the user in /uuwaf/web/conf/config.json, and the user can use this value to distinguish which UUSEC WAF server the website request comes from.

🍊 How to check if the UUSEC WAF CDN has cached our webpage?

?> The UUSEC WAF provides an X-Waf-Cache return header to check the cache status, such as X-Waf-Cache: HIT indicating cached, and X-Waf-Cache: MISS indicating uncached.

🍍 How to modify the port and SSL certificate of the UUSEC WAF management ?

?> The configuration of the UUSEC WAF management is located in /uuwaf/web/conf/config.json, and the value of the addr field is the IP address and port. Replacing the SSL certificate can replace the server.crt and server.key files in the /uuwaf/web/conf/ directory, and then execute systemctl restart uuwaf to restart the service for the configuration to take effect.

🍈 How to modify the default listening port of the reverse proxy on the UUSEC WAF?

?> By default, the UUSEC WAF only listens to ports HTTP 80 and HTTPS 443. Users can customize any listening port in /uwaf/conf/uuwaf.conf. Please refer to nginx's listen configuration for more information to set up, then execute systemctl restart uuwaf to restart the service for the configuration to take effect. Docker users can modify the port mapping in docker-compose.yml.

🍌 Why can't obtain a free SSL certificate?

?> When using the HTTP-01 challenge to automatically obtain a Lets Encrypt free certificate with UUSEC WAF, you must ensure that port 80 of UUSEC WAF is publicly accessible from external sources to pass Lets Encrypts validation. There is no such restriction when using the DNS-01 challenge, which also allows applying for wildcard certificates. However, DNS propagation takes time, sometimes you may need to wait briefly before. Additionally, Lets Encrypt imposes monthly rate limits on certificate requests per registered domain, and requests are too frequent will cause issuance failures.

🍆 How to supplement and expand the number of sliding/rotating CAPTCHA images

?> Select PNG images of appropriate size, place them in the /uuwaf/captcha/images/ directory, then restart the service and apply the configuration.

🌶️ How to call the UUSEC WAF console's REST API?

?> When making the request, include Api-Token: xxxxxx in the HTTP headers - where "xxxxxx" represents your actual token value (which can be found in the UUSEC WAF system settings). Then you can successfully call the UUSEC WAF console's REST API.