DEV Community

Carrie
Carrie

Posted on

1 1 1 1 1

SafeLine WAF: Website Inaccessible After Configuration

#website #safelinewaf #waf #security

SafeLine is a WAF powered by a semantic analysis engine, unlike traditional signature-based solutions. It's self-hosted and very easy to deploy & configure.

Github: https://github.com/chaitin/SafeLine
Website: https://safepoint.cloud/landing/safeline

If you have configured your site following the guidelines but it remains inaccessible, here are the possible reasons to consider.

1 Check Error Code

When accessing the website, check the returned error code and use it to identify potential causes.

2 Common Causes

a. Incorrect site configuration – Wrong IP, port conflicts, etc.

b. Network issues between SafeLine and the configured site – Ensure connectivity.

c. Blocked access to the configured site port – Check firewall and security group settings.

d. Conflicting configurations – Check for incorrect settings preventing new configurations from taking effect.

e. SafeLine service issues – Run docker ps to check container status.

f. Proxy mismatch – SafeLine’s default reverse proxy settings may not match your origin server's needs.

📌 Tip: Logs from safeline-mgt and safeline-tengine containers can help with troubleshooting.

Website Inaccessibility Diagnosis Steps

Identify the Issue

  • 502 Bad Gateway tengine
    • Likely due to incorrect upstream server configuration or SafeLine being unable to reach it.

Image description

  • Slow Response Times

    • Check server load: CPU, memory, and bandwidth usage.
    • Run the following command from the client to test network performance: 
    curl -H "Host: <SafeLine IP>" -vv -o /dev/null -s -w 'time_namelookup: %{time_namelookup}\ntime_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n' http://<Upstream Server Address>
    • Long time_namelookup → Check DNS server configuration.
    • Long time_connect → Check network connection between SafeLine and upstream server.
    • Long time_starttransfer → Investigate upstream server load and resource availability.

If none of the above is your situation, proceed to the next step.

1️⃣ Test Client Access to SafeLine

Run:

curl -v -H "Host: <Domain or IP>" http://<SafeLine IP>:<SafeLine Listening Port>
Enter fullscreen mode Exit fullscreen mode
  • If you receive a response and the “Today’s Visits” count increases, SafeLine is correctly configured and network is normal.

Image description

  • If the browser cannot access the site but curl works, possible reasons:
    • The domain hasn’t pointed to SafeLine. Modify the local hosts file to map the domain to the SafeLine IP and retry.
    • Business logic redirects (e.g., 301 redirection) – analyze response headers for unexpected behavior.
    • If there is no response, go to the next step.

2️⃣ Test SafeLine’s Local Network Access

  • Run on SafeLine: 
curl -v -H "Host: <Domain or IP>" http://<SafeLine IP>:<SafeLine Listening Port>
Enter fullscreen mode Exit fullscreen mode

If this works but Step 1 fails, there is a network issue between the client and SafeLine.

  • Check firewall rules, open necessary ports.
  • If there is no response, go to the next step.

3️⃣ Test SafeLine’s Internal Connectivity

Run on SafeLine:

curl -H "Host: <Domain or IP>" http://127.0.0.1:<SafeLine Listening Port>
Enter fullscreen mode Exit fullscreen mode
  • If this works but Step 2 fails, and

telnet <SafeLine IP> <SafeLine Listening Port>

returns “Unable to connect to remote host: Connection refused”, the firewall on SafeLine may be blocking access.

  • Check both system and cloud provider firewalls.
  • If there is no response, go to the next step.

4️⃣ Verify SafeLine is Listening on the Correct Port

Run:

netstat -anp | grep <SafeLine Listening Port>

  • A properly configured SafeLine should show an nginx process listening on 0.0.0.0:.
  • If no process is found, report the issue via community support or GitHub with troubleshooting details.

Image description

5️⃣ Test SafeLine’s Connection to the Upstream Server

Run on SafeLine:

curl -H "Host: <Domain or IP>" <Upstream Server Address>
Enter fullscreen mode Exit fullscreen mode
  • If this works, SafeLine and the upstream server network are fine.
  • If Step 4 fails but this succeeds, the issue is likely a misconfiguration – check site configuration settings.
  • If this also fails, there is a network issue between SafeLine and the upstream server.

Final Steps

If none of these steps resolve the issue, seek support by providing:

  • Error messages
  • SafeLine logs (safeline-mgt and safeline-tengine)
  • Output of the above commands

For further assistance, join the discord community(https://discord.gg/dy3JT7dkmY) or post it on our SafePoint forum(https://safepoint.cloud/discussion) 🚀

Heroku
 Promoted

Heroku

Amplify your impact where it matters most — building exceptional apps.

Leave the infrastructure headaches to us, while you focus on pushing boundaries, realizing your vision, and making a lasting impression on your users.

Get Started

Top comments (0)

👋 Kindness is contagious

Dive into this informative piece, backed by our vibrant DEV Community

Whether you’re a novice or a pro, your perspective enriches our collective insight.

A simple “thank you” can lift someone’s spirits—share your gratitude in the comments!

On DEV, the power of shared knowledge paves a smoother path and tightens our community ties. Found value here? A quick thanks to the author makes a big impact.

Okay