I've always had a strong liking for Chaitin Technology, and today, I’m testing out their WAF product called “SafeLine.” I’ve been aware of SafeLine for a long time, but back then, it was a paid service without a community edition. Now, I'm excited to give the community edition a shot.
What is SafeLine?
SafeLine is a web application firewall from Chaitin that sits in front of a site as a reverse proxy and inspects the HTTP(S) traffic that reaches it. Chaitin describes its detection as built on big data and machine learning: by continuously collecting and analyzing threat intelligence, attack data, and vulnerability information from around the globe, it aims to recognize previously unknown attacks, classify the attack type and origin, and raise an alert promptly. It ships with a self-developed detection engine and a visual management console, so it provides both attack blocking and ongoing traffic monitoring, which is what makes it usable as a single security layer in front of a site.
Key features include:
- Pre-configured protection: effective protection out of the box, with no rule sets to write or maintain by hand.
- Accurate detection: strict detection logic that keeps false positives low.
- Detection of unknown threats: attacks are flagged on behavior, not only on known signatures.
- Deep encoding attack detection: payloads hidden behind several layers of encoding are decoded and inspected.
- Bypass attack detection: it also catches requests crafted to slip past traditional signature matching.
Installation and Usage
Download Links
- Official Documentation: SafeLine Docs
- GitHub Repository: SafeLine on GitHub
- Online Demo: SafeLine Demo
Download & Install
- Upload the package to your server.
- SafeLine runs as a set of Docker containers managed by Docker Compose, so the host needs Docker >= 20.10.14 and Docker Compose >= 2.0.0 (the Compose v2 plugin, invoked as "docker compose").
To see which Docker packages are already installed (CentOS/RHEL):
yum list installed | grep docker
That only lists package names. To confirm the engine and Compose versions against the minimums above, ask Docker itself:
docker --version
docker compose version
If necessary, uninstall older Docker packages:
yum -y remove docker*
Install Docker together with the Compose v2 plugin (the Compose >= 2.0.0 requirement is not met by the old standalone docker-compose binary), then enable and start the service:
yum install -y yum-utils
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce docker-compose-plugin
systemctl enable --now docker
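Listing yum packages tells you what is installed, not whether the running engine and Compose plugin actually meet SafeLine's minimums, and a plain string comparison gets dotted versions wrong (20.9.0 sorts after 20.10.14). The preflight script below is an added example, not part of the original post or the SafeLine project: it reads the versions from Docker itself, compares them component by component, and exits non-zero when either is too old. The function names and the --check flag are my own; the two minimum versions are the ones stated above.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post or the SafeLine project.
# Preflight check for SafeLine's stated minimums: Docker >= 20.10.14 and
# Docker Compose >= 2.0.0. It reads the versions from Docker itself instead of
# from the package manager, and compares them numerically, component by
# component, so that 20.9.0 is not mistaken for a newer release than 20.10.14.

DOCKER_MIN="20.10.14"
COMPOSE_MIN="2.0.0"

# version_ge A B -> exit status 0 when dotted version A >= B.
# Non-numeric suffixes ("2.21.0-desktop.1") are dropped by awk's "+ 0" conversion.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, av, "."); nb = split(b, bv, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = av[i] + 0; y = bv[i] + 0
      if (x > y) exit 0
      if (x < y) exit 1
    }
    exit 0
  }'
}

# extract_version LINE -> the first dotted number in LINE, e.g.
#   "Docker version 20.10.14, build 57f7e2c"  -> 20.10.14
#   "Docker Compose version v2.21.0"          -> 2.21.0
# Taking the first match matters: a build hash such as "57f7e2c" starts with digits.
extract_version() {
  printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# meets_minimums DOCKER_VER COMPOSE_VER -> 0 when both satisfy the minimums above.
meets_minimums() {
  version_ge "$1" "$DOCKER_MIN" && version_ge "$2" "$COMPOSE_MIN"
}

# Only talk to the real Docker when run with --check, so the functions above can
# be sourced and exercised on a machine that has no Docker at all.
if [ "${1:-}" = "--check" ]; then
  dv=$(extract_version "$(docker --version 2>/dev/null || true)")
  cv=$(extract_version "$(docker compose version 2>/dev/null || true)")
  [ -n "$dv" ] || { echo "docker engine not found"; exit 1; }
  [ -n "$cv" ] || { echo "docker compose plugin not found (need >= $COMPOSE_MIN)"; exit 1; }
  if meets_minimums "$dv" "$cv"; then
    echo "OK: docker $dv, compose $cv"
  else
    echo "FAIL: docker $dv (need >= $DOCKER_MIN), compose $cv (need >= $COMPOSE_MIN)"
    exit 1
  fi
fi
```

Run it as "sh preflight.sh --check" before launching the SafeLine installer; a non-zero exit tells you to go back to the install step rather than debugging a half-started compose stack later.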
Access & Configure
- Once the containers are up, the management console is served over HTTPS on port 9443 (https://<server-ip>:9443). Log in with the admin account; if you did not note the initial password, the documented reset command is: docker exec safeline-mgt resetadmin. Keep 9443 reachable only from trusted networks (a firewall rule or an SSH tunnel), since whoever reaches it controls the WAF; only the ports of the protected sites need to be public.
- Since my blog and the WAF are on the same host, I configured it to use 127.0.0.1.
- My blog is accessible through port 8080 (you can also use port 80 if preferred).
Testing the WAF
- I used AWVS (Acunetix Web Vulnerability Scanner) to test SafeLine's performance.
- During the testing, the CPU load remained around 30%, which is quite impressive for small to medium-sized websites.
- The WAF handled a significant amount of attack traffic effectively, and as per the official claims, it resulted in nearly zero false positives.
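The scanner result above is a single number; it helps to see the bookkeeping behind it. The script below is an added example, not from the original post or the SafeLine project: it sends a few constructed requests through the WAF, each labelled with what the WAF should do (pass a benign request, block an obviously malicious one), classifies the observed status as a true/false positive or negative, and prints detection and false-positive rates. It assumes SafeLine answers a blocked request with HTTP 403 (confirm this with one deliberately malicious request before trusting the numbers) and that the protected site is reachable at TARGET; the probe labels, the payloads and the --run flag are my own. Point it only at a host you operate.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post or the SafeLine project.
# Black-box smoke test: send labelled probes through the WAF, classify what
# happened to each one, and compute detection / false-positive rates.
# Assumption: a blocked request comes back as HTTP 403 (SafeLine's default
# block response); adjust BLOCK_STATUS if your deployment answers differently.
TARGET="${TARGET:-http://127.0.0.1:80}"
BLOCK_STATUS="${BLOCK_STATUS:-403}"

# Constructed probe list, one per line: label|path|expected outcome.
# "pass" rows are benign traffic (false positives show up here);
# "block" rows are textbook injection strings (misses show up here).
PROBES='benign-root|/|pass
benign-search|/?q=hello+world|pass
benign-post|/2024/01/hello/|pass
sqli-union|/?id=1%27%20UNION%20SELECT%20username,password%20FROM%20users--|block
xss-script|/?s=%3Cscript%3Ealert(1)%3C/script%3E|block
traversal|/?file=../../../../etc/passwd|block
cmdi|/?cmd=;cat%20/etc/passwd|block'

# classify EXPECTED STATUS -> TP, FN, FP, TN, or ERR (000 = no HTTP answer at all)
classify() {
  case "$1:$2" in
    *:000)              echo ERR ;;  # unreachable: neither a hit nor a miss
    block:"$BLOCK_STATUS") echo TP ;;  # attack, blocked
    block:*)            echo FN ;;  # attack, served (a miss)
    pass:"$BLOCK_STATUS")  echo FP ;;  # benign request, blocked (a false positive)
    pass:*)             echo TN ;;  # benign request, served
  esac
}

# probe_one PATH -> HTTP status code seen by the client ("000" on connection failure).
# The custom User-Agent makes the probes easy to find in the WAF's attack log.
probe_one() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 5 \
       -A 'safeline-smoke-test' "$TARGET$1"
}

# summarize: reads one class (TP/FN/FP/TN/ERR) per line on stdin, prints totals and
# rates. detection_rate = TP/(TP+FN); false_positive_rate = FP/(FP+TN).
summarize() {
  awk '
    $1 == "TP"  { tp++ }
    $1 == "FN"  { fn++ }
    $1 == "FP"  { fp++ }
    $1 == "TN"  { tn++ }
    $1 == "ERR" { err++ }
    END {
      att = tp + fn; leg = fp + tn
      printf "TP=%d FN=%d FP=%d TN=%d ERR=%d detection_rate=%.2f false_positive_rate=%.2f\n",
        tp, fn, fp, tn, err, (att ? tp / att : 0), (leg ? fp / leg : 0)
    }'
}

# run_probes: fire every probe, print a per-probe table on stderr, summary on stdout.
run_probes() {
  printf '%s\n' "$PROBES" | while IFS='|' read -r label path expect; do
    status=$(probe_one "$path")
    cls=$(classify "$expect" "$status")
    printf '%-14s expect=%-5s got=%s -> %s\n' "$label" "$expect" "$status" "$cls" >&2
    echo "$cls"
  done | summarize
}

if [ "${1:-}" = "--run" ]; then
  run_probes
fi
```

Invoke it as "TARGET=http://127.0.0.1 sh probe.sh --run" from the WAF host. The false-positive figure is only as good as the "pass" rows: the seven constructed probes here are a sanity check, so to measure what your users will actually experience, feed the pass list with paths and query strings taken from your own access logs rather than invented ones.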