The SafeLine WAF provides a robust defense for websites, making it an ideal solution for individuals and small businesses looking to enhance their web security. In this guide, I'll walk you through the basic setup and configuration of SafeLine, including HTTP and HTTPS domain protection, certificate management, and attack simulation testing.
Once SafeLine WAF is installed, you can access the dashboard through the following URL: https://192.168.xx.xx:9443/dashboard
For detailed official documentation, visit: SafeLine WAF Configuration Guide
1. Adding an HTTP Domain for Protection
SafeLine uses port 80 by default for HTTP traffic. In my case, since both SafeLine and my Nginx server were hosted on the same machine, I had to change Nginx's port to 81 to avoid conflicts, as SafeLine needs to use ports 80 and 443.
To add a domain for protection:
- Add the domain in the SafeLine dashboard.
- Modify your local
hosts
file for testing and access the site via the new domain. You should notice incoming traffic being monitored.
Before accessing: 126 requests
After accessing: 127 requests
2. Adding an HTTPS Domain and Certificate Management
HTTP typically uses port 80, while HTTPS uses port 443. To secure your site with HTTPS, you'll need to upload a certificate.
To upload a certificate:
- Go to Web services -> SSL Cert -> Add Cert.
- SafeLine will automatically recognize the domain associated with the certificate. If you don’t have one, you can also create a self-signed certificate.
Initially, I attempted to use an existing Nginx certificate, but I encountered an x509 error due to a certificate format issue:
nginx: [emerg] PEM_read_bio_X509_AUX("xxxxxxxx.pem") failed (SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line)
nginx: configuration file nginx.conf test failed
To resolve this, I generated a self-signed certificate using the following command:
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt -subj "/C=CN/ST=beijing/L=beijing/O=ceshi/OU=devops/CN=test.com"
With the certificate in place:
3. Testing WAF Protection
To test if SafeLine is working correctly, you can manually simulate some common web attacks. Open your browser and visit the following URLs to trigger SafeLine’s protection:
-
Simulate SQL Injection:
http://<IP or Domain>:<Port>/?id=1%20AND%201=1
-
Simulate XSS (Cross-Site Scripting):
http://<IP or Domain>:<Port>/?html=<script>
SafeLine should detect and block these requests. If an attack isn't blocked, refer to the documentation for troubleshooting guidance on protection issues.
During my test, SafeLine successfully blocked the SQL injection attack and logged the IP address involved.
4. Defending Against DDoS Attacks
To protect against high-frequency traffic, such as DDoS attacks, enable the Frequency Limiting feature:
- Go to Protection Configuration -> Frequency Limiting and set the appropriate thresholds.
To test this, I wrote a script that simulates high-frequency requests. SafeLine detected and blocked the attack by banning the IP.
Example script:
#!/bin/bash
for (( i=1;i<=20;i++ )); do
curl -s --resolve "test.waf.com:80:192.168.108.141" http://test.waf.com/?id=1%20AND%201=${i} >> /dev/null
done
5. Enabling CAPTCHA Verification
To prevent automated attacks, you can enable CAPTCHA verification for suspicious requests:
- Navigate to Web Services -> Protections -> Add Rules and configure it as per your needs.
6. Log Management and Additional Features
For additional documentation, refer to the official SafeLine WAF guide.
While the SafeLine Community Edition has fewer features than cloud-based or enterprise-level WAFs, it provides sufficient protection for personal websites. For more advanced functionality, I recommend exploring the official documentation.
You can also access service logs in the /usr/local/safeline
directory. If any errors occur, checking the logs can help identify the issue.
For example, when I encountered the certificate format problem, I found useful error messages in the Nginx logs:
tail -fn 100 tcd.log