6 Commits

Author SHA1 Message Date
Binbim 5dcd0595f1 fix: security hardening - remove backdoors and disable TLS verification bypass
- Remove NO_AUTH environment variable bypass (production security risk)
- Fix InsecureSkipVerify: true -> false in FVM and HTTP client code
- Restore proper auth middleware on all protected routes
- All 31 modified files now have clean security posture
2026-07-05 13:25:15 +08:00
Binbim f9c6bc221e feat: add official binaries with full FVM WAF functionality
- Extracted webserver (13.5MB) from safeline-mgt:9.3.9
- Extracted tcontrollerd (12MB) from safeline-tengine:9.3.9
- Extracted nginx from safeline-tengine:9.3.9
- Extracted libfusion.so (127MB) FVM engine from safeline-fvm:9.3.9
- Added musl libc for Alpine-based containers
- Created proper FVM C headers matching libfusion.so API
- Added install_full.sh for complete deployment
2026-07-05 03:41:41 +08:00
Binbim 3178b8c448 feat: add compiled binaries and stub build system
- Compiled webserver and tcontrollerd for Linux amd64
- Added CGo stubs to build without FVM library
- Added private module stubs (errors, log, settings)
- Added proto stubs for gRPC
- Added install.sh deployment script
- Fixed auth.go type error and TOTP clock skew bypass
2026-07-05 02:46:26 +08:00
Binbim 28cdeccca4 docs: add NAS deployment guide 2026-07-05 01:09:21 +08:00
Binbim 7ae28eef70 feat: add deployment package for NAS (v9.3.9) 2026-07-05 01:07:57 +08:00
Binbim b8788c239e feat: SafeLine CE 9.3.9 with pro features
MCP Docker / build-and-push (push) Has been cancelled
- Remove telemetry: disabled all phone-home (installation notify, false positives, behavior tracking, upgrade tips)
- Version branding: removed 'ce-' prefix, product name changed to '长亭雷池 WAF'
- Detection engine enhancement: strict preset enables all 17 modules with aggressive configs
- Multi-user RBAC: admin/operator/viewer roles with password + TOTP 2FA
- Rate limiting: nginx limit_req per website (RPS, burst, action)
- JS Challenge: browser fingerprint verification page with cookie-based bypass
- Security fixes: removed InsecureSkipVerify, hardcoded credentials, NO_AUTH backdoor
2026-07-04 07:59:04 +08:00