Ultimate Guide to Web Security on Linux Servers with SafeLine WAF

Lulu - Aug 29 - - Dev Community

When it comes to setting up a web server, security is a top priority. Although there are many free, open-source WAF (Web Application Firewall) solutions available, many of them have steep learning curves. For someone like me, who is just starting out with a small project, I wanted a WAF that was both cost-effective and easy to use. After some research, I discovered SafeLine WAF, developed by Chaitin Technology, which turned out to be the perfect fit for my needs.

How SafeLine WAF Works

Previously, my server setup was straightforward: User → Apache → Server. Now, to add an extra layer of security, I needed to place the SafeLine WAF between the user and my server: User → SafeLine WAF → Apache → Server. This requires a few adjustments to the server's configuration.

  1. Port Configuration: The website port should be changed to 81, and the WAF should handle HTTP traffic on port 80.
  2. HTTPS Setup: Port 443 for HTTPS also needs to be configured.

Image description

Redirecting HTTP to HTTPS

One of the essential steps in securing your site is to ensure that all HTTP traffic is automatically redirected to HTTPS. SafeLine WAF allows for easy customization of this behavior.

  1. Modify the Nginx configuration within SafeLine WAF to redirect all traffic from port 80 to port 443. SafeLine provides a custom configuration parameter for this purpose.
  2. Edit the configuration file at safeline/resources/nginx/custom_params.

  3. Add the following configuration:

   return 307 https://www.waf.com$request_uri;
Enter fullscreen mode Exit fullscreen mode

4.Restart the SafeLine WAF Nginx service:

   docker exec safeline-tengine nginx -t
Enter fullscreen mode Exit fullscreen mode

Additional Features

SafeLine WAF offers a host of other useful features that you can explore, such as:

  • Site maintenance
  • Blacklist and whitelist management
  • CAPTCHA verification

All these features are completely free, making SafeLine WAF an excellent choice for small projects and startups.

Common Issues During Installation

Here are some common issues you might encounter during installation and their solutions:

  1. Directory Already Exists: If you encounter a message saying that the directory already exists, you'll need to delete the default installation directory:
   rm -rf /data/safeline
Enter fullscreen mode Exit fullscreen mode

2.Network Errors: If you run into network issues, you can inspect and manage your Docker networks:

   docker network ls
Enter fullscreen mode Exit fullscreen mode

You may need to remove an invalid network if it exists:

   docker network rm <network_id>
Enter fullscreen mode Exit fullscreen mode

Conclusion

SafeLine WAF is a powerful and user-friendly tool for securing web servers, especially for those new to server management. If you're looking for a reliable and free WAF to enhance your web security, it is definitely worth considering.

For more details, check out the official website: SafeLine WAF Documentation

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .