Deploying Free WAF SafeLine Using Docker

Lulu - Aug 15 - - Dev Community

With more people setting up private clouds, NAS, home theaters, blogs, and library management systems at home, some of these systems are being exposed to the public internet to enable remote access. In such cases, deploying a Web Application Firewall (WAF) like SafeLine to protect your data is crucial.

System Requirements

Before installing SafeLine, ensure that your system meets the following requirements:

  • Operating System: Linux
  • CPU Architecture: x86_64 with SSSE3 instruction set support
  • Software Dependencies: Docker version 20.10.14 or above, Docker Compose version 2.0.0 or above
  • Minimum Resources: 1 core CPU, 1 GB RAM, 5 GB disk space

How to Check Your System

To verify your system's compatibility, use the following commands:

  • Check CPU architecture: uname -m
  • View CPU information: cat /proc/cpuinfo | grep "processor"
  • Confirm SSSE3 support: lscpu | grep ssse3
  • Check Docker version: docker version
  • Check Docker Compose version: docker compose version
  • Check old Docker Compose version: docker-compose version
  • View memory information: free -h
  • View disk space: df -h

Download and Install SafeLine

  1. Download the installation package:
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"
Enter fullscreen mode Exit fullscreen mode
  1. Upload the package to your server.

Image description

  1. Import into Docker:
   cat image.tar.gz | gzip -d | docker load
Enter fullscreen mode Exit fullscreen mode
  1. Create SafeLine directory:
   mkdir -p "/data/safeline"
   cd "/data/safeline"
Enter fullscreen mode Exit fullscreen mode
  1. Download the compose script:
   wget https://waf.chaitin.com/release/latest/compose.yaml
Enter fullscreen mode Exit fullscreen mode
  1. Configure environment variables:
   cd "/data/safeline"
   touch ".env"
Enter fullscreen mode Exit fullscreen mode

Set the following variables in your .env file:

   SAFELINE_DIR=/data/safeline
   IMAGE_TAG=latest
   MGT_PORT=9443
   POSTGRES_PASSWORD=password
   SUBNET_PREFIX=172.22.222
   IMAGE_PREFIX=chaitin
Enter fullscreen mode Exit fullscreen mode
  1. Start SafeLine.

Image description

  1. Login: Access the management interface via your browser at http://<your-ip>:9443.

Image description

  1. Reset the password if necessary.

Image description

Configuring Protection Sites

Image description

If your WAF and the site you want to protect are on the same server, and the protected site is running on port 9900, you can configure SafeLine to listen on port 80, with port 9900 as the upstream service. In this example, the site on port 9900 is a cloud document system.

Image description

After configuration, you only need to access the site via http://<your-ip>:80.

Testing and Monitoring

You can trigger alerts by simulating attack behavior to see how SafeLine responds.

Image description

Check the WAF alerts to confirm that attacks have been intercepted.

Image description

Shutting Down the WAF

Image description

SafeLine’s free version offers protection against common attacks, which should suffice for most users. For advanced users, custom rules can be created for even more effective protection.

Website: https://waf.chaitin.com
GitHub: https://github.com/chaitin/SafeLine

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .