Introduction to SafeLine WAF
SafeLine Web Application Firewall (WAF) is a simple, user-friendly, and robust free WAF solution.
Built on industry-leading semantic engine detection technology, SafeLine as a reverse proxy to protect your website from hacker attacks. After nearly 10 years of development, Chaitin Technology has crafted this tool with dedication. Its core detection capabilities are driven by intelligent semantic analysis algorithms. With SafeLine, hackers won't be able to breach your defenses.
Key Features
- Easy To Use: Deployed by Docker, one command can complete the installation. Get started at 0 cost.
- High Security Efficacy: The world's first NGWAF based on the semantic analysis intelligent algorithm. Naturally against more than 70% of zero-day attacks.
- High Performance: Average request detection delay at 1 millisecond level. Single core easily detects 2000+ TPS.
- High Availability: Built-in complete health check mechanism, service availability is as high as 99.99%.
For more details, refer to the official documentation:
SafeLine WAF Documentation.
Deploying and Using SafeLine WAF
1. Install Docker on CentOS7
First, ensure you have Docker installed on your CentOS7 server. You can use a one-click script to complete the Docker installation:
2. Create and Enter the SafeLine Installation Directory
Create a directory for SafeLine and navigate into it:
mkdir -p safeline # Create the safeline directory
cd safeline # Enter the safeline directory
Download the compose script compose.yaml and upload it to the safeline directory.
Download Link:
https://waf.chaitin.com/release/latest/compose.yaml
echo "SAFELINE_DIR=$(pwd)" >> .env
echo "IMAGE_TAG=latest" >> .env
echo "MGT_PORT=9443" >> .env
echo "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> .env
echo "REDIS_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> .env
echo "SUBNET_PREFIX=172.22.222" >> .env
docker compose up -d
3.Add SSL Certificates
4.Add Protected Site
Deploy SafeLine on a Dedicated Device
If you can provide a dedicated device for deploying SafeLine, you need to:
- Redirect Website Traffic to SafeLine: Update your DNS settings to point your domain to SafeLine.
- Restrict Access on the Web Server: Block all access to your web server except for traffic coming from SafeLine. Configure the firewall to achieve this.
SafeLine Configuration for the Corresponding Site
-
Domain: Public domain name
example.com -
Port:
80or443/ssl -
Upstream Server: Address of the web server
http://192.168.10.10
Open Corresponding Ports on the Firewall
Make sure to open the necessary ports on your firewall:
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --reload
5.Configure Domain Resolution
Ensure your site's domain points to the WAF:
6.Testing WAF Interception Capabilities
To ensure that SafeLine WAF is properly intercepting attacks, you can simulate common web attacks such as SQL injection and XSS.
- Simulate SQL Injection
http://<IP-or-domain>:<port>/?id=1%20AND%201=1
- Simulate XSS
http://<IP-or-domain>:<port>/?html=<script>alert(1)</script>
When you visit URLs, you should see that SafeLine has detected and blocked the attack requests.
7.Automated Testing of WAF Protection
You can use the BlazeHTTP tool to automate the testing of SafeLine WAF's protection capabilities.
https://github.com/chaitin/blazehttp/releases
blazehttp_0.0.3_linux_amd64.zip
chmod 777 blazehttp
./blazehttp -t https://your-waf-site.com -g './testcases/*/*.http'
By running these commands, BlazeHTTP will execute a series of test cases.
8.Protection Effectiveness
Top comments (0)