mirror of
https://github.com/Safe3/uusec-waf.git
synced 2025-10-03 22:41:54 +08:00
### Feature Updates

**Interface & Management**
- Redesigned main program and management interface with improved aesthetics and usability, supports UI language switching (English/Chinese)
- Added Rule Collections functionality: Create custom rule templates for batch configuration
- Introduced whitelist rules that terminate further rule matching upon success
- UUSEC WAF Rules API intelligent suggestions during advanced rule editing
- New plugin management supporting hot-reloaded plugins to extend WAF capabilities

**Protocol & Optimization**
- Supports streaming responses for continuous data push (e.g., LLM stream outputs)
- Enables Host header modification during proxying for upstream service access
- Search engine validation: `waf.searchEngineValid(dns,ip,ua)` prevents high-frequency rules from affecting SEO indexing
- Interception log report generation (HTML/PDF exports)
- Automatic rotation of UUSEC WAF error/access logs to prevent performance issues

**Security & Infrastructure**
- Expanded free SSL certificate support: HTTP-01 & DNS-01 verification across 50+ domain providers
- Customizable advanced WAF settings: HTTP2, GZIP, HTTP Caching, SSL protocols, etc
- Cluster configuration: Manage UUSEC WAF nodes and ML servers via web UI
#!/bin/bash
# UUSEC WAF one click installation script
# Supported system: CentOS/RHEL 7+, Debian 11+, Ubuntu 18+, Fedora 32+, etc
# Print an informational line in green, tagged with the product name.
# Arguments: message words; "$*" joins them into one string
# Outputs:   one line on stdout (echo -e also expands backslash escapes
#            that appear in the message itself)
info() {
  local green='\033[32m'
  local reset='\033[0m'
  echo -e "${green}[UUSEC WAF] $*${reset}"
}
# Print a progress/warning line in yellow, tagged with the product name.
# Arguments: message words; "$*" joins them into one string
# Outputs:   one line on stdout (echo -e also expands backslash escapes
#            that appear in the message itself)
warning() {
  local yellow='\033[33m'
  local reset='\033[0m'
  echo -e "${yellow}[UUSEC WAF] $*${reset}"
}
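# Print a fatal error in red and terminate the script with status 1.
# Arguments: message words; "$*" joins them into one string
# Outputs:   one line on stderr, so the error is not lost when stdout is
#            redirected or captured
# Returns:   never returns; exits the shell with status 1
abort() {
  local red='\033[31m'
  local reset='\033[0m'
  echo -e "${red}[UUSEC WAF] $*${reset}" >&2
  exit 1
}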
# The steps below install a package, unpack into /opt and change firewall
# rules, so stop early unless the effective user is root.
if (( EUID != 0 )); then
  abort "This script must be run with root privileges"
fi
# Machine type as reported by uname; kept global because main prints it.
# Only x86_64 is accepted, every other value ends the installation.
OS_ARCH=$(uname -m)
if [[ "$OS_ARCH" != "x86_64" ]]; then
  abort "Unsupported CPU arch: $OS_ARCH"
fi
# Record the distribution id and version for the banner printed by main.
# /etc/os-release is sourced into this shell, so every variable that file
# defines becomes a global of this script as well.
if [[ -f /etc/os-release ]]; then
  . /etc/os-release
  OS_NAME=$ID
  OS_VERSION=$VERSION_ID
elif command -v lsb_release >/dev/null 2>&1; then
  # Fallback: lsb_release prints the distributor id in mixed case, so it is
  # lowercased here.
  OS_NAME=$(lsb_release -si | tr '[:upper:]' '[:lower:]')
  OS_VERSION=$(lsb_release -sr)
else
  abort "Unable to detect operating system"
fi
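# Refuse to install when a TCP port the WAF needs already has a listener.
# Globals:   none written (the loop variable is local)
# Outputs:   a notice via warning() when ss is unavailable
# Returns:   0 when no listener was found or the check was skipped;
#            calls abort (exit 1) on the first occupied port
check_ports() {
  local port

  # Without ss the check cannot run. Say so instead of passing silently, so
  # the operator does not assume the ports were verified.
  if ! command -v ss >/dev/null 2>&1; then
    warning "ss not found, skipping port conflict check"
    return 0
  fi

  # 777 and 6612 are checked here but are not opened by allow_firewall_ports;
  # presumably they are internal-only listeners. TODO confirm.
  for port in 80 443 777 4443 4447 6612; do
    if ss -tln "( sport = :${port} )" | grep -q LISTEN; then
      abort "Port ${port} is occupied, please close it and try again"
    fi
  done
}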
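# Download the UUSEC WAF archive and unpack it under /opt.
# Outputs:   curl progress on the terminal; errors via abort()
# Returns:   0 on success; calls abort (exit 1) when curl cannot be
#            installed, the download fails, or extraction fails
#
# NOTE(review): the archive is trusted on the strength of TLS alone. No
# checksum or signature is verified, and this script carries no digest to
# compare against. If the vendor publishes one, pin it and verify it before
# the tar step, because the extracted manager.sh is later run as root.
install_waf() {
  local pkg_mgr archive
  local -a install_cmd

  if ! command -v curl >/dev/null 2>&1; then
    pkg_mgr=$(command -v yum || command -v apt-get || command -v zypper) \
      || abort "curl is missing and no supported package manager was found"
    install_cmd=("$pkg_mgr" -y install curl)
    # zypper does not accept -y ahead of the subcommand; its global
    # non-interactive switch is --non-interactive.
    if [[ "${pkg_mgr##*/}" == "zypper" ]]; then
      install_cmd=("$pkg_mgr" --non-interactive install curl)
    fi
    "${install_cmd[@]}" || abort "Failed to install curl"
  fi

  # Download to a fresh mktemp file rather than a fixed name in /tmp: a fixed
  # name in a world-writable directory can be pre-created by another local
  # user, and a stale file would be unpacked as root if the download failed.
  archive=$(mktemp) || abort "Unable to create a temporary file"

  # -f makes curl fail on HTTP errors instead of saving the error page, and
  # the exit status is checked so a failed download never reaches tar.
  if ! curl -f https://uuwaf.uusec.com/docker.tgz -o "$archive"; then
    rm -f -- "$archive"
    abort "Download of UUSEC WAF failed"
  fi

  if ! { mkdir -p /opt && tar -zxf "$archive" -C /opt/; }; then
    rm -f -- "$archive"
    abort "Installation of UUSEC WAF failed"
  fi
  rm -f -- "$archive"
}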
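# Open the WAF's TCP ports in firewalld or ufw, once per installation.
# Globals:   none written (all variables are local)
# Outputs:   a notice via warning() when a firewall command fails
# Returns:   0
#
# NOTE(review): the rules admit any source address on all four ports. If
# 4443 or 4447 serves an administrative interface (this script does not
# say), restrict it to trusted networks after installation.
allow_firewall_ports() {
  local marker=/opt/waf/.fw
  local -a ports=(80 443 4443 4447)
  local -a add_args=()
  local port
  local failed=0

  # The marker file makes this a one-time action: if it exists, the rules
  # were already attempted and nothing is changed.
  if [ -f "$marker" ]; then
    return 0
  fi
  echo "" > "$marker"

  if command -v firewall-cmd >/dev/null 2>&1; then
    for port in "${ports[@]}"; do
      add_args+=("--add-port=${port}/tcp")
    done
    firewall-cmd --permanent "${add_args[@]}" >/dev/null 2>&1 || failed=1
    firewall-cmd --reload >/dev/null 2>&1 || failed=1
  elif command -v ufw >/dev/null 2>&1; then
    for port in "${ports[@]}"; do
      ufw allow "${port}/tcp" >/dev/null 2>&1 || failed=1
    done
    ufw reload >/dev/null 2>&1 || failed=1
  fi

  # Tool output stays hidden as before, but a failure is reported so the
  # operator knows the firewall state was not changed as intended.
  if (( failed )); then
    warning "Could not update firewall rules, please allow TCP ports ${ports[*]} manually"
  fi
}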
# Run the installation end to end: banner, port check, unpack, firewall
# exceptions, then hand over to the manager script.
# Globals:   OS_NAME, OS_VERSION, OS_ARCH (read)
# Returns:   the exit status of /opt/waf/manager.sh
main() {
  info "Detected system: ${OS_NAME} ${OS_VERSION} ${OS_ARCH}"

  warning "Check for port conflicts ..."
  check_ports

  # An existing /opt/waf is never overwritten; the operator has to remove it.
  if [[ -e /opt/waf ]]; then
    abort 'The directory "/opt/waf" already exists, please confirm to remove it and try again'
  fi
  warning "Install UUSEC WAF ..."
  install_waf

  warning "Add firewall ports exception ..."
  allow_firewall_ports

  # /opt/waf did not exist before install_waf ran, so manager.sh can only
  # come from the archive just unpacked; it runs with this script's root
  # privileges.
  bash /opt/waf/manager.sh
}
# Entry point. main reads no positional parameters, so forwarding them
# changes nothing.
main "$@"