Let’s get right to it. Today, we’re introducing an open-source project that has quickly risen to the top of GitHub’s WAF category. It’s a tool that makes hackers think twice before attempting to breach your defenses. Meet SafeLine.
01. What is SafeLine?
SafeLine is a powerful, user-friendly, and completely free web application firewall (WAF). It uses advanced semantic detection technology and acts as a reverse proxy to shield your website from cyber attacks. This robust tool is the result of nearly a decade of development by Chaitin Technology, with its core detection powered by intelligent semantic analysis algorithms.
SafeLine secures web services by filtering and monitoring HTTP traffic between your web application and the internet. It defends against a wide range of threats, including SQL injection, XSS, code injection, command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoors, brute force attacks, CC attacks, and web crawlers.
What makes SafeLine stand out is its high community recognition. Its performance and protective capabilities are top-notch, and the community edition shares the same security features as the enterprise edition, ensuring a high level of security. This is one of the key reasons SafeLine quickly gained popularity on GitHub.
Key Protection Features:
SafeLine’s intelligent semantic analysis algorithm works by analyzing user inputs to generate fingerprint rules. It then uses a binary search algorithm to detect and categorize threats, making the protection more precise over time. Unlike traditional signature-based detection, this technology offers high accuracy and low false positives, eliminating the need to maintain a large static signature database, and significantly improving web protection efficiency.
The WAF leverages this intelligent semantic analysis to autonomously evaluate threats by analyzing both web requests and responses. It also reviews attack logs, assessing the source based on attack frequency and severity, and determines whether a visitor should be blocked.
02. Installing SafeLine
System Requirements:
Before installing SafeLine, ensure your system meets the following requirements:
- Operating System: Linux
- CPU Architecture: x86_64 with ssse3 instruction set support
- Software Dependencies: Docker 20.10.14 or later, Docker Compose 2.0.0 or later
- Minimum Resources: 1 CPU core, 1 GB RAM, 5 GB disk space
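A pre-flight check for the requirements listed above, added here as an example (it is not part of SafeLine or its installer). The function names are this example's own, the 900000 kB RAM floor is an assumption that allows for kernel-reserved memory on a 1 GB host, and the disk check looks at / unless you pass the intended install directory as the first argument.

```shell
#!/bin/sh
# Added example: pre-flight check for the requirements listed above.
# Thresholds are taken from that list; all function names are this example's own.

version_ge() {  # true when dotted version $1 >= $2, compared field by field
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x%%[!0-9]*} y=${y%%[!0-9]*}   # drop suffixes such as "-ce"
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

has_ssse3() {  # $1: cpuinfo file; whole-word match so "sse3"/"pni" alone does not count
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" | grep -qw ssse3
}

docker_ok()  { version_ge "$(docker version --format '{{.Server.Version}}')" 20.10.14; }
compose_ok() { v=$(docker compose version --short); version_ge "${v#v}" 2.0.0; }
cpus_ok()    { [ "$(getconf _NPROCESSORS_ONLN)" -ge 1 ]; }
mem_ok()     { [ "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)" -ge 900000 ]; }  # kB, assumed floor
disk_ok()    { [ "$(df -Pk "$1" | awk 'NR==2 {print $4}')" -ge 5242880 ]; }       # 5 GB in kB

check() {  # check LABEL COMMAND [ARGS...]: run the command quietly and record the result
    label=$1; shift
    if "$@" >/dev/null 2>&1; then echo "PASS  $label"
    else echo "FAIL  $label"; failed=1; fi
}

main() {
    failed=0
    check "OS is Linux"              test "$(uname -s)" = Linux
    check "CPU is x86_64"            test "$(uname -m)" = x86_64
    check "CPU supports ssse3"       has_ssse3
    check "Docker >= 20.10.14"       docker_ok
    check "Docker Compose >= 2.0.0"  compose_ok
    check "at least 1 CPU core"      cpus_ok
    check "at least 1 GB RAM"        mem_ok
    check "at least 5 GB free disk"  disk_ok "${1:-/}"
    return "$failed"
}

main "$@" || echo "One or more requirements are not met."
```

The field-by-field comparison matters for Docker versions: a plain string comparison would rank 20.10.9 above 20.10.14.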
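To install SafeLine automatically, run the following command with root privileges and follow the prompts. The installation process takes about 3 minutes. Note that the -k flag tells curl to skip TLS certificate verification, so the script is not authenticated in transit; drop -k and save the script to a file first if you want the certificate verified and the script reviewed before it runs as root.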
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"
If the command executes successfully, SafeLine is installed, and you can now access the SafeLine console.
Accessing the SafeLine Console
After installation, open your browser and navigate to https://<safeline-ip>:9443/ to access the SafeLine console.
Logging into SafeLine
For your first login, you’ll need to initialize the admin account. Run the following command:
docker exec safeline-mgt resetadmin
This command will reset the admin account password, and you’ll see output similar to this:
[SafeLine] Initial username: admin
[SafeLine] Initial password: **********
[SafeLine] Done
03. Configuring Your Website
How It Works:
The SafeLine Community Edition primarily functions as a reverse proxy, similar to Nginx.
It routes your website’s traffic through SafeLine, where it’s inspected and filtered before reaching your original web server.
Here’s a quick overview of setting up a web server using phpStudy on a Windows 10 virtual machine:
- Prepare the Virtual Machine: Install Windows 10.
- Install phpStudy: Follow the installation guide for a one-click setup.
- Configure the Web Server: After installation, launch phpStudy and ensure Apache and MySQL services are running. You can use the default webpage or create a new site.
- Set Up Virtual Domains: Point your domain to the SafeLine WAF device.
Once your web server is up and running, ensure it’s accessible. You can use a default page or deploy a CMS for testing.
Now, let’s test the setup with some attack payloads. For more accurate results, consider using automated scanning tools like Nessus, AWVS, AppScan, OWASP, or Nuclei.
Sample payloads:
<script>alert('hello, gaga!');</script>
>"'><script>alert('XSS')</script>
You’ll see that these attacks are intercepted by the WAF.
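To confirm the interception from the command line instead of the browser, the following added example (not from the original article or the SafeLine project) replays the two sample payloads against your own test site behind SafeLine, alongside a benign control request. It assumes a blocked request is answered with HTTP 403; the query parameter name q and the TARGET_URL variable are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: replay the article's sample payloads through the WAF.
# Assumptions: blocked requests return HTTP 403; "q" and TARGET_URL are placeholders.

probe() {  # probe URL VALUE -> prints the HTTP status of GET URL?q=VALUE
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 \
         --get --data-urlencode "q=$2" "$1"
}

verdict() {  # verdict URL VALUE -> prints "blocked", "passed" or "error"
    code=$(probe "$1" "$2") || code=000
    case $code in
        403) echo blocked ;;
        000) echo error ;;      # no HTTP response at all (DNS, connect, timeout)
        *)   echo passed ;;
    esac
}

run_suite() {  # the benign control must pass and every payload must be blocked
    rc=0
    # Without the control, a site that rejects everything would look "protected".
    [ "$(verdict "$1" 'hello')" = passed ] || { echo "control request did not pass"; rc=1; }
    while IFS= read -r payload; do
        v=$(verdict "$1" "$payload")
        echo "$v  $payload"
        [ "$v" = blocked ] || rc=1
    done <<'EOF'
<script>alert('hello, gaga!');</script>
>"'><script>alert('XSS')</script>
EOF
    return "$rc"
}

# Runs only when a target is supplied, e.g. TARGET_URL=http://<your-test-site>/ sh waf-check.sh
if [ -n "${TARGET_URL:-}" ]; then run_suite "$TARGET_URL"; fi
```

A non-zero exit status means either the control request was rejected or at least one payload reached the origin server.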
04. Conclusion
SafeLine offers strong protection, ease of use, and an interface tailored to the needs of domestic users, making it a valuable tool. As an open-source product developed in China, it benefits from transparency, community support, and flexible deployment options, enhancing its trustworthiness and customizability.
The user-friendly interface and easy operation are crucial for improving IT staff efficiency, reducing training costs, and enabling rapid responses to security incidents. Especially for domestic users, SafeLine’s design tailored to local habits significantly enhances the user experience and promotes widespread adoption.
Project Information
- Website: https://waf.chaitin.com
- GitHub: https://github.com/chaitin/SafeLine