When it comes to setting up a web server, security is a top priority. Although there are many free, open-source WAF (Web Application Firewall) solutions available, many of them have steep learning curves. For someone like me, who is just starting out with a small project, I wanted a WAF that was both cost-effective and easy to use. After some research, I discovered SafeLine WAF, developed by Chaitin Technology, which turned out to be the perfect fit for my needs.
How SafeLine WAF Works
Previously, my server setup was straightforward: User → Apache → Server
. Now, to add an extra layer of security, I needed to place the SafeLine WAF between the user and my server: User → SafeLine WAF → Apache → Server
. This requires a few adjustments to the server's configuration.
- Port Configuration: The website port should be changed to 81, and the WAF should handle HTTP traffic on port 80.
- HTTPS Setup: Port 443 for HTTPS also needs to be configured.
Redirecting HTTP to HTTPS
One of the essential steps in securing your site is to ensure that all HTTP traffic is automatically redirected to HTTPS. SafeLine WAF allows for easy customization of this behavior.
- Modify the Nginx configuration within SafeLine WAF to redirect all traffic from port 80 to port 443. SafeLine provides a custom configuration parameter for this purpose.
Edit the configuration file at
safeline/resources/nginx/custom_params
.Add the following configuration:
return 307 https://www.waf.com$request_uri;
4.Restart the SafeLine WAF Nginx service:
docker exec safeline-tengine nginx -t
Additional Features
SafeLine WAF offers a host of other useful features that you can explore, such as:
- Site maintenance
- Blacklist and whitelist management
- CAPTCHA verification
All these features are completely free, making SafeLine WAF an excellent choice for small projects and startups.
Common Issues During Installation
Here are some common issues you might encounter during installation and their solutions:
- Directory Already Exists: If you encounter a message saying that the directory already exists, you'll need to delete the default installation directory:
rm -rf /data/safeline
2.Network Errors: If you run into network issues, you can inspect and manage your Docker networks:
docker network ls
You may need to remove an invalid network if it exists:
docker network rm <network_id>
Conclusion
SafeLine WAF is a powerful and user-friendly tool for securing web servers, especially for those new to server management. If you're looking for a reliable and free WAF to enhance your web security, it is definitely worth considering.
For more details, check out the official website: SafeLine WAF Documentation