DEV Community

Lulu
Lulu

Posted on • Edited on

SafeLine: An open-source web application firewall that provides security at no cost.

SafeLine: Your First Line of Defense Against Web Attacks

When your website goes online, the first challenge you may encounter isn't your clients but potential attacks from the internet. Today, we're introducing SafeLine, an open-source project that has quickly become the top open-source Web Application Firewall (WAF) on GitHub, providing robust protection against cyber threats.

Image description

What is SafeLine?

SafeLine is a free web application firewall (WAF) designed to be both simple and powerful, aimed at protecting websites from hacker attacks. It utilizes industry-leading semantic engine detection technology, functioning as a reverse proxy. The core detection capabilities of SafeLine are driven by intelligent semantic analysis algorithms, offering top-tier protection.

Image description

SafeLine integrates via a reverse proxy, intercepting traffic before it reaches the web servers. It detects and removes malicious activities within the traffic, forwarding only sanitized traffic to the web servers. This approach ensures that external attack traffic never reaches your servers.

Image description

Installing SafeLine

Resource Requirements

To install SafeLine, ensure your system meets the following requirements:

  • Operating System: Linux
  • Architecture: x86_64
  • Software Dependencies: Docker version 20.10.6 or above / Docker Compose version 2.0.0 or above
  • Minimum Environment: 1 core CPU, 1 GB RAM, 5 GB disk space

1. Automatic Installation

The simplest method is to use the provided one-click installation script. Execute the following command as the root user:



bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"


Enter fullscreen mode Exit fullscreen mode

2. Manual Installation

Alternatively, you can manually install SafeLine:

  1. Create SafeLine Directory: ```bash

mkdir -p "/data/safeline"

   This command creates the `/data/safeline` directory as the installation directory for SafeLine.

2. **Ensure Sufficient Disk Space**:  
   Ensure that the directory has at least 5GB of storage space.

3. **Download `compose.yaml`**:  
   ```bash


   cd "/data/safeline"
   wget "https://waf-ce.chaitin.cn/release/latest/compose.yaml"


Enter fullscreen mode Exit fullscreen mode
  1. Create .env Configuration File: Create a .env file in the SafeLine directory and enter the following details: ```env

SAFELINE_DIR=/data/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD={your-postgres-password}
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline


5. **Start the Services**:  
   Start the SafeLine services using Docker Compose:
   ```bash


   docker compose up -d


Enter fullscreen mode Exit fullscreen mode

Once the services are started, access SafeLine by visiting https://127.0.0.1:9443/ in your web browser.

Accessing SafeLine

After installing SafeLine, log in to the management interface to configure your sites.

Configuring Sites

First, configure the sites you want to protect. It is recommended to deploy SafeLine on a dedicated server to avoid potential risks and high server load.

Image description

Image description

After completing the configuration, when you access your domain name through a web browser, you should receive responses from your website. The "Today's Requests" count should increase on the data statistics page, indicating successful configuration.

Image description

We can simulate attacks on the website, such as SQL injection or XSS attacks, to test SafeLine’s capabilities:

  • SQL Injection Simulation


https://example.com/?id=1+and+1=2+union+select+1



Enter fullscreen mode Exit fullscreen mode
  • XSS Attack Simulation


https://example.com/?id=


Enter fullscreen mode Exit fullscreen mode

If SafeLine is properly configured and functioning, these attacks should indeed be intercepted and prevented as shown in the screenshot or monitoring page. This demonstrates SafeLine’s ability to protect your website from common web application vulnerabilities.

Image description

Dynamic Protection

In SafeLine 6.0, dynamic protection features have been introduced. Dynamic protection endows web pages with dynamic characteristics while maintaining the appearance seen by users. This includes:

  • Safeguarding frontend code privacy
  • Preventing web crawling activities
  • Blocking vulnerability scanning activities
  • Thwarting exploit attempts

Image description

Dynamic Protection Capabilities

  • HTML Dynamic Encryption
  • JavaScript Dynamic Obfuscation

Image description

Dynamic encryption can be configured for specific paths.

Image description

Advanced Site Protection

Advanced site protection allows for configuring additional security measures such as blacklisting, whitelisting, CAPTCHA, and identity verification, enhancing protection against automated threats while validating legitimate traffic.

Image description

Image description

Product Features

  • Convenience: Easy installation via containerization, with out-of-the-box security configurations requiring no manual maintenance.
  • Security: Industry-leading semantic analysis algorithms for precise detection, low false positives, and resilience against unknown 0-day attacks.
  • High Performance: Linear security detection algorithms with millisecond-level detection latency and robust concurrency handling.
  • High Availability: Nginx-based traffic processing engine ensures both performance and stability with a 99.99% service availability guarantee.

Summary

SafeLine is an exceptional WAF product that, as an open-source project, offers high functionality and completeness. It meets the needs of both enterprises and individuals. If you require a WAF and have concerns about costs, consider trying the SafeLine Community Edition.

Project Information

Top comments (0)