The New WAF Choice for Developers: SafeLine

This content originally appeared on DEV Community and was authored by Lulu

What is a WAF?

A Web Application Firewall (WAF) acts as a security shield for your server exposed to the internet. Without a WAF, your server is vulnerable to various attacks such as SQL injection, code injection, and website backdoors. Even if these threats don't concern you directly, hackers can exploit these vulnerabilities to deploy mining scripts on your server, leading to CPU overload and resource exhaustion.

Why Choose SafeLine?

1. Cost Control:
   
   SafeLine offers both a Community Edition and a Professional Edition. The free Community Edition provides all the essential features to meet my current needs without any additional cost.

2. Easy Deployment:
   
   As a frequent Docker user, I appreciate that SafeLine supports containerized deployment. It’s ready to use out of the box, saving me from unnecessary setup hassles.

3. Security Protection:
   
   For personal websites, having a secure and stable environment is paramount. SafeLine delivers a straightforward yet reliable security solution, ensuring your small space remains safe and sound.

Introduction to SafeLine

SafeLine is a WAF meticulously developed by Chaitin Technology over nearly a decade. Its core detection capabilities are driven by intelligent semantic analysis algorithms. The traffic processing engine is built on Nginx and operates as a reverse proxy, intercepting traffic before it reaches your web server. SafeLine inspects and cleans malicious traffic, forwarding only sanitized traffic to your server.

This architecture ensures that external attack traffic never reaches your web server, providing robust protection.

Architecture Diagram

Deploying SafeLine

1. Installation

SafeLine offers multiple installation methods. For detailed instructions, refer to the official documentation: SafeLine Installation Guide.

To quickly install SafeLine, execute the following command:

bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"

Upon successful installation, you'll receive access details. Make sure to save them:

[SafeLine] Initial username: admin
[SafeLine] Initial password: **********
[SafeLine] Done

2. Log into the Console

Open your browser and navigate to the backend management page at https://<your-server-ip>:9443. Enter the username and password provided during installation to access the homepage.

3. Configure Your Site

My original setup was: Domain → Nginx listening on port 80 and forwarding → Application. To integrate SafeLine, I simply configured SafeLine to proxy Nginx, as shown below:

Of course, SafeLine can also work alongside Nginx if preferred.

3.1 Start Configuration

Navigate through the menu: Web Services → Add Web Service

• Domain: Your domain or server IP
• Port: 80
• Upstream Server: Your server IP + application port

Submit the configuration. Access your domain or IP directly and check the homepage to ensure your requests are being processed through SafeLine.

3.2 Test Protection

If you see your requests, it means SafeLine has been successfully integrated. You can perform some test attacks to verify, but avoid repeated attempts as SafeLine will block your IP after multiple attacks.

For example:

• Simulate SQL Injection: Visit http://<your-domain>:<port>/?id=1%20AND%201=1
• Simulate XSS: Visit http://<your-domain>:<port>/?html=<script>alert(1)</script>

If you see the protective shield icon, your site is secure.

3.3 Configure Dynamic Protection

Dynamic protection helps safeguard your website’s source code. To configure it, follow these steps: Menu → Web Services → Dynamic

3.4 Other Features

• Rate Limiting: Enable high-frequency access and attack rate limiting to prevent your site from being overwhelmed by repeated requests. Even if your site doesn’t hold critical data, you don’t want it constantly under attack.

• Force HTTPS: In the proxy settings, you can enforce HTTPS. If you don’t have an SSL certificate, you can apply for a free one with a one-year validity. Upload the certificate in SafeLine’s certificate management.

Change your listening port to 443, enable SSL, select your certificate, and submit. Enjoy the added security provided by SafeLine!

Note: If you need more detailed information, please refer to the official documentation: SafeLine Documentation

This content originally appeared on DEV Community and was authored by Lulu

Print Share Comment Cite Upload Translate Updates

APA

Lulu | Sciencx (2024-09-03T04:01:16+00:00) The New WAF Choice for Developers: SafeLine. Retrieved from https://www.scien.cx/2024/09/03/the-new-waf-choice-for-developers-safeline/

MLA

" » The New WAF Choice for Developers: SafeLine." Lulu | Sciencx - Tuesday September 3, 2024, https://www.scien.cx/2024/09/03/the-new-waf-choice-for-developers-safeline/

HARVARD

Lulu | Sciencx Tuesday September 3, 2024 » The New WAF Choice for Developers: SafeLine., viewed ,<https://www.scien.cx/2024/09/03/the-new-waf-choice-for-developers-safeline/>

VANCOUVER

Lulu | Sciencx - » The New WAF Choice for Developers: SafeLine. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2024/09/03/the-new-waf-choice-for-developers-safeline/

CHICAGO

" » The New WAF Choice for Developers: SafeLine." Lulu | Sciencx - Accessed . https://www.scien.cx/2024/09/03/the-new-waf-choice-for-developers-safeline/

IEEE

" » The New WAF Choice for Developers: SafeLine." Lulu | Sciencx [Online]. Available: https://www.scien.cx/2024/09/03/the-new-waf-choice-for-developers-safeline/. [Accessed: ]

rf:citation

» The New WAF Choice for Developers: SafeLine | Lulu | Sciencx | https://www.scien.cx/2024/09/03/the-new-waf-choice-for-developers-safeline/ |

Please log in to upload a file.

There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.