
Comments (4)

jx-sec commented on May 26, 2024

Thanks for understanding. I work in security myself, so I got a bit worked up when I saw the word "backdoor".

from jxwaf.

jx-sec commented on May 26, 2024

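Bro, first of all, if you're calling it a backdoor you definitely haven't read the code. At startup it makes an HTTP request, just to fetch rules. Nowhere in the entire code base is there any operation that evals rules into the Lua VM, so if anyone can exploit this to cause trouble, please let me know and I'll learn from it.
If you're saying I deliberately left a backdoor, which is a question of personal integrity, I don't accept that. I just open-sourced this to share it; I wouldn't stoop to that. If you're worried, the API for fetching rules is written in the code, so before each reload you can check via the API which rules you're loading. You can also view them under WAF Configuration Management -> WAF Rule Display.
I had actually planned to open-source the jxwaf server side as well, but I'm still migrating things bit by bit and updating the code every day, and every feature is tied to the jxwaf server. So even if it were open-sourced, unless you updated the jxwaf server code every day, there would certainly be a pile of problems in use. With that in mind I simply made it a SaaS model. Calling it SaaS is a stretch, really; at least for now the functionality is incomplete, and it's only a remote rule-update server. All the major appliance WAFs now update their rules this way, and in essence there's no difference. Just treat it as using the SaaS version of Safedog (安全狗).
There definitely is an offline version, because this project is the open-source version I migrated from the offline version. The offline version is still the most feature-complete, but I don't plan to open-source it for now, because I intend to release an enterprise edition later. At that point it will be a free online open-source edition plus a local enterprise edition, which is a fairly mature open-source model in which the open-source and commercial editions complement each other. If you need the enterprise edition you can contact me, or you can use the open-source edition. Going forward, the biggest difference between the open-source and enterprise editions will not be features or code, but custom development and technical support services.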

from jxwaf.

jx-sec commented on May 26, 2024

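The above was venting. Here are solutions to the security concerns you raised.
1. On the outbound connection issue, you can restrict things at the firewall so that the server running jxwaf is only allowed to initiate outbound connections to the jxwaf.com domain or IP.
2. Use HTTPS. jxwaf has an HTTPS interface, and the documentation will be completed later. Using HTTPS ensures the rules will not be leaked.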

from jxwaf.

freegit9527 commented on May 26, 2024

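Understood. It was only a suggestion; I didn't mean to accuse you of leaving a backdoor. Being open source is already great. Thumbs up.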

from jxwaf.
