Online Installation (Recommended!!!)
If your server has internet access, we recommend this installation method. Just copy and run the following command:
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"
See the official documentation for additional installation details.
Login Process
- Open the management page in your browser:
https://<waf-ip>:9443. - Enter the initial admin password, which will be displayed automatically in the shell after installation.
If you forget the password, you can reset it manually with this command:
docker exec safeline-mgt resetadmin
Configuring Your Site
- Domain: domain name of your original website, or hostname, or ip address, for example: www.chaitin.com
- Port: port that SafeLine will listen, such as 80 or 443. (for https websites, please check the SSL option)
- Upstream: real address of your original website, through which SafeLine will forward traffic to it
1. Configuring SafeLine on a Dedicated Server (Recommended!!!)
Environment:
- Web Server: IPA, port 80, domain ‘example.com’
- SafeLine Server: IPB
Steps:
- Redirect the original website traffic to SafeLine’s IPB (this is required). For example, modify the DNS to point the domain to IPB.
- Refer to the configuration below.
- Block access to the web server except through SafeLine. You can achieve this by setting up a firewall.
If you can access your website at example.com:80 and the "Requests" count increases on the statistics page, the configuration was successful.
2. Configuring SafeLine on the Web Server (Not Recommended)
Note: This is not recommended as it increases the load on a single server, making it more prone to downtime and making upgrades and troubleshooting more difficult.
Environment:
- Web Server: IPA, port 80, domain ‘example.com’ Steps:
- Change the original website’s listening port to another port, freeing up port 80 for configuration.
- Refer to the configuration below.
If you can access your website at example.com:80 and the "Requests" count increases on the statistics page, the configuration was successful.
3. Configuring SafeLine with Other Reverse Proxy Devices
SafeLine can act as a reverse proxy and can be placed anywhere in the main traffic flow.
Point the traffic at the connection point to SafeLine and enter the next-hop server address in the "Upstream" field in SafeLine.
Environment:
- Web Server: IPA
- SafeLine Server: IPB
- Upstream Server: IPC, port C
- Downstream Server: IPD, domain ‘example.com’
Steps:
- Redirect the downstream Nginx traffic to SafeLine’s IPC and set the port to 80.
- Refer to the configuration below.
If you can access your website at example.com:80 and the "Requests" count increases on the statistics page, the configuration was successful.
Confirming Website Accessibility
Use the parameters you configured in SafeLine to access your site. Open your browser and go to http://<IP or domain>:<port>/.
- The default protocol is
http; checksslforhttps. - The hostname can be SafeLine’s IP or your website’s domain (make sure the domain is resolved to SafeLine).
- The port is the one you configured on the SafeLine page.
Simulating Attacks Manually
Simulate attacks by visiting the following URLs:
-
Simulate SQL Injection:
http://<IP or domain>:<port>/?id=1%20AND%201=1 -
Simulate XSS:
http://<IP or domain>:<port>/?html=<script>alert(1)</script>
In your browser, you will see that SafeLine has detected and blocked the attack requests.
Top comments (0)