UUSEC WAF

Network Security

A free, high‑performance web application firewall with AI/semantic detection and three‑layer defense (traffic, system, runtime)

Shell Latest v7.2.3 · 4d ago Security brief →

Features

Intelligent 0‑day defense using machine‑learning anomaly detection
Ultimate CDN acceleration with regex‑based cache cleaning surpassing nginx's commercial version
Dual‑layer proactive defense via HIPS (host) and RASP (runtime) engines

View all 14 releases →

Config change

v7.2.3 Mixed 4d

Auth

Basic auth plugin + IP threat fix

Open

Upgrade now

v7.2.2 Security relevant 8d

Dependencies

CVE-2026-9256 fix

Open

Upgrade now

v7.2.1 Security relevant 18d

Dependencies

nginx vulnerability fixes

Open

v7.2.0 Breaking risk 2mo

Breaking changes

Notable features

Log-only rule functionality added with constants waf.RULE_BLOCK, waf.RULE_ALLOW, and waf.RULE_LOG_ONLY

Full changelog

[!WARNING]
Attention: This version is incompatible with older versions and does not support direct upgrade from previous versions.

Supports log-only rule functionality, introducing three new rule constants: waf.RULE_BLOCK, waf.RULE_ALLOW, and waf.RULE_LOG_ONLY. When a rule returns these values, they represent block, allow, and log-only actions, respectively.

v7.1.2 Feature 2mo

Notable features