A Powerful, Open-Source WAF to Boost Your Website's Security

Lulu - Aug 23 - - Dev Community

Introduction: SafeLine is a free, easy-to-use, and robust Web Application Firewall (WAF). Built on industry-leading semantic analysis technology, SafeLine acts as a reverse proxy to shield your website from cyber threats. With an intelligent semantic analysis algorithm at its core, SafeLine is designed for the community, ensuring that hackers never gain the upper hand.


Key Features of SafeLine

  • Ease of Use: SafeLine's containerized deployment allows for installation with just a single command, making it extremely user-friendly.
  • Security: Utilizing a cutting-edge semantic analysis algorithm, SafeLine offers precise threat detection with low false positives and is tough to bypass.
  • Performance: SafeLine’s linear security detection algorithm delivers sub-millisecond average request processing delays.
  • Reliability: Powered by Nginx, SafeLine ensures both high performance and stability.

The Pitfalls of Traditional WAFs
Most Web Application Firewalls rely on rule-based pattern matching to identify and block malicious traffic. However, given the low cost and high variability of web attacks, security teams are often forced to constantly tweak protection rules to ensure both availability and security. Even then, false positives and missed detections can disrupt normal operations and leave services vulnerable.
The root of the problem lies in the limitations of rule-based detection methods.

SafeLine's Solution
Unlike traditional methods, SafeLine's approach is revolutionary. It reconstructs the capabilities of WAFs through algorithmic innovation. From its inception, SafeLine has explored new avenues for web security protection, introducing "intelligent semantic analysis" to solve web attack identification problems. This built-in "smart brain" enables SafeLine to autonomously recognize malicious behavior, continually improve through machine learning models, and deliver comprehensive web protection without relying on traditional rule sets.

SafeLine intelligently analyzes web requests and responses, enabling the WAF to accurately assess threats. The semantic analysis process involves lexical analysis, syntax analysis, semantic analysis, and threat model matching.

By deeply decoding HTTP/HTTPS payloads, SafeLine matches the content to the appropriate syntax compiler based on its programming language, then uses threat models to rate the threat level, blocking or allowing requests accordingly.

Compared to traditional rule-based detection, SafeLine’s intelligent semantic analysis technology boasts high accuracy with low false positives. For example, it excels in SQL injection detection.
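A simplified illustration of the contrast drawn above, added here and not SafeLine's engine or code from the original post: a keyword rule is compared with a small tokenizer plus one structural check. The function names, the token grammar and the sample inputs are assumptions made for this example.

```python
import re
from urllib.parse import unquote_plus

# Rule-based baseline: flag any value that contains a SQL keyword.
KEYWORD_RULE = re.compile(r"\b(and|or|union|select)\b", re.IGNORECASE)

# Lexical analysis: split the decoded value into typed tokens.
TOKEN_RE = re.compile(r"""
    (?P<num>\d+(?:\.\d+)?)
  | (?P<str>'[^']*')
  | (?P<op><>|<=|>=|!=|=|<|>)
  | (?P<word>[A-Za-z_]\w*)
  | (?P<other>\S)
""", re.VERBOSE)
LOGIC = {"and", "or"}
OPERAND = {"num", "str", "word"}

def tokenize(value):
    tokens = []
    for m in TOKEN_RE.finditer(value):
        kind, text = m.lastgroup, m.group()
        if kind == "word" and text.lower() in LOGIC:
            kind = "logic"  # boolean connective, not free text
        tokens.append((kind, text))
    return tokens

def rule_based(raw):
    return bool(KEYWORD_RULE.search(unquote_plus(raw)))

def token_based(raw):
    """Syntax step: flag only 'LOGIC operand OP operand', i.e. a boolean
    condition appended to the value, not a bare keyword in free text."""
    kinds = [k for k, _ in tokenize(unquote_plus(raw))]
    for i in range(len(kinds) - 3):
        if (kinds[i] == "logic" and kinds[i + 1] in OPERAND
                and kinds[i + 2] == "op" and kinds[i + 3] in OPERAND):
            return True
    return False

# Constructed inputs; the first is the test value used later on this page.
SAMPLES = ["1%20AND%201=1", "Tom+and+Jerry", "select+your+plan"]

def compare(samples=SAMPLES):
    return {s: (rule_based(s), token_based(s)) for s in samples}

if __name__ == "__main__":
    for s, (r, t) in compare().items():
        print(f"{s!r:22} rule={r} token={t}")
```

The keyword rule flags all three inputs, while the structural check flags only the one that forms a boolean condition.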


Functionality Overview

  • Architecture: SafeLine’s detection engine combines intelligent semantic analysis with traffic learning, access control, and other protection techniques. It offers minimal false positives and excellent 0-day protection. With multi-level circuit breakers and high availability, it ensures business continuity. It supports deployment across various platforms, including clustered and containerized environments, and offers BOT management, API protection, DDoS protection, and threat intelligence.


  • Smart Attack Detection: SafeLine’s intelligent detection engine covers OWASP security risks, autonomously identifying and analyzing HTTP/HTTPS traffic to detect and block threats.

  • Traffic Learning: By analyzing user traffic characteristics, SafeLine learns from these requests, creating models based on customer traffic. SafeLine uses these models to detect and block abnormal traffic, effectively mitigating unauthorized access.


  • Customizable Access Control: SafeLine’s access control engine allows users to set specific frequency and IP black/white list policies for particular domains or URLs. It offers a session system to meet different access control needs.


  • Expandable with Plugins: SafeLine supports Lua scripting for custom plugins, enabling integration with other systems for a robust security framework. The WAF processes real-time traffic through its semantic analysis engine and calls business-related plugins for request handling, making it adaptable to various security needs.

  • Open API: SafeLine provides a fully open API, allowing all functionalities to be accessed programmatically. This includes retrieving logs and issuing security policies through SOC or SIEM platforms, enhancing security and operational management efficiency. Its RESTful API integrates quickly into existing security systems.


  • API Security: In addition to protecting HTTP/HTTPS web services, SafeLine also secures APIs by analyzing API traffic and blocking attacks, ensuring the safety of microservices and IoT.

  • DDoS Protection: SafeLine integrates with cloud-based scrubbing services to defend against DDoS attacks. By monitoring resource-heavy access attempts, it prevents malicious resource depletion, ensuring business continuity.


  • Deployment: SafeLine is available in both hardware and software forms, supporting various deployment modes, including bypass detection, transparent bridging, reverse proxy, routing proxy, and cluster reverse proxy. It also supports server traffic redirection and Kubernetes orchestration, making it versatile for different environments.

Installation

  • Requirements:

    • OS: Linux
    • Architecture: x86_64
    • Software Dependencies: Docker 20.10.6+, Docker Compose 2.0.0+
    • Minimum Environment: 1-core CPU / 1 GB RAM / 10 GB Disk
  • One-Click Installation (Recommended):

bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"

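The -k option in the command above makes curl skip TLS certificate verification, so the script is not authenticated in transit; downloading setup.sh without -k and reviewing it before running it is the more cautious route.

Other deployment methods like Docker are also available; see the official documentation for more details.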

Quick Start

  • Login: Open the management page in your browser at https://:9443 and log in as prompted.


  • Configure Protection: SafeLine acts as a reverse proxy, inspecting and cleaning traffic before forwarding it to your web server.


  • Testing: Simulate an attack by accessing:
    • http://:<port>/?id=1%20AND%201=1
    • http://:<port>/?a=


Give it a try and see how well SafeLine protects your site!

Demo: https://demo.waf.chaitin.com:9443
Discord: https://discord.gg/3aRJ4qfwjA
GitHub: https://github.com/chaitin/SafeLine
