How to Deploy SafeLine WAF on Ubuntu

Thorila - Oct 22 - - Dev Community

Installing Docker Environment

Update Software Packages

sudo apt update
Enter fullscreen mode Exit fullscreen mode

Install Docker

sudo apt-get install docker.io
docker -v
Enter fullscreen mode Exit fullscreen mode

Install Docker Compose V2

To install Compose V2 for the active user under the $HOME directory, follow these steps:

Docker Compose V2 Installation Official Guide

1.Set up Docker Config Directory

   DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
   mkdir -p $DOCKER_CONFIG/cli-plugins
Enter fullscreen mode Exit fullscreen mode

2.Download Docker Compose V2

   curl -SL https://github.com/docker/compose/releases/download/v2.23.0/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose
Enter fullscreen mode Exit fullscreen mode

If the download is too slow, you can download the file separately and upload it to your server, then move it to /root/.docker/cli-plugins and name it docker-compose to skip the above command.

   mv docker-compose-linux-x86_64 /root/.docker/cli-plugins/docker-compose
Enter fullscreen mode Exit fullscreen mode

Grant Execute Permission

chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose
Enter fullscreen mode Exit fullscreen mode

Verify Installation

docker compose version
Enter fullscreen mode Exit fullscreen mode

Installing SafeLine

System Requirements

  • Operating System: Linux
  • Architecture: x86_64
  • Software Dependencies:
    • Docker 20.10.14 or higher
    • Docker Compose 2.0.0 or higher
  • Minimal Environment:
    • 1 CPU Core
    • 1 GB RAM
    • 5 GB Disk Space

Environment Confirmation Commands

uname -m                 # Check architecture
docker version           # Check Docker version
docker compose version   # Check Docker Compose version
docker-compose version   # Check Docker Compose (legacy)
cat /proc/cpuinfo        # Check CPU info
cat /proc/meminfo        # Check memory info
df -h                    # Check disk space
lscpu | grep ssse3       # Check if CPU supports ssse3 instruction set
Enter fullscreen mode Exit fullscreen mode

Online Installation

bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
Enter fullscreen mode Exit fullscreen mode

Image description

Logging into SafeLine

1.Access port 9443.
2.Download the Tencent Authenticator for login.

Configuring Protection Sites

1.After adding a site, execute the following command on the client to ensure it receives a response from the business website and the site's "Today's Visits" increases, indicating a successful configuration:

   curl -H "Host: <domain>" http://<SafeLine IP>:<SafeLine Listening Port>
Enter fullscreen mode Exit fullscreen mode

2.Only allow access from the IP where SafeLine is deployed.

Manual Testing

Test the target website for vulnerabilities such as SQL injection and XSS. If the protection interface appears, it indicates successful protection.

Simulate SQL Injection

http://<IP or Domain>:<Port>/?id=1%20AND%201=1
Enter fullscreen mode Exit fullscreen mode

Simulate XSS

http://<IP or Domain>:<Port>/?html=
Enter fullscreen mode Exit fullscreen mode

Official Documentation

For more detailed information, refer to the official documentation guidelines of SafeLine Community Edition.

Github:https://github.com/chaitin/SafeLine
Discord:https://discord.gg/wVyX7vDE

. . .