DEV Community

Carrie

How to Test the Real-World Defense of SafeLine WAF with Its Public Demo

Looking to see how a modern Web Application Firewall performs in the real world? With SafeLine’s public demo, you can test its protection against real attack payloads — no local installation required.

What is SafeLine?

SafeLine is one of the most popular free, self-hosted Web Application Firewalls (WAFs) in 2025 — with over 17,000 GitHub stars. Unlike traditional signature-based WAFs, it uses a semantic analysis engine to understand the intent behind HTTP requests, dramatically reducing false positives.

It’s designed for simplicity, privacy, and performance — making it a perfect fit for homelab users, developers, and startups alike.


Goal: Test SafeLine’s Detection Capabilities

SafeLine provides a public demo for testing its detection engine:

With this setup, you can simulate common web attacks like:

  • SQL Injection
  • Cross-site Scripting (XSS)
  • Command Injection
  • Directory Traversal
  • Path Manipulation
  • HTTP Flood

The tests here are safe and intended for educational purposes. Do not use them against unauthorized or production systems.


Step-by-Step Guide

1. Visit the Attack Simulation Interface

Go to the payload generator page:

➡️ https://demo.waf.chaitin.com/

Here, you'll find a pre-built SQL injection payload, one of the common web attacks listed above:

1 and 1=1

2. Configure the Target

In the Target Input field, paste the URL of the protected endpoint:

https://demo.waf.chaitin.com:10084/hello.html

This endpoint is protected by the SafeLine WAF in strict defense mode.

3. Launch the simulated attack

Click "Launch" to send the SQL injection payload.

SafeLine will analyze the payload. If the request is blocked, SafeLine has successfully intercepted and mitigated the attack.

4. Analyze the Results

Check the attack log by visiting https://demo.waf.chaitin.com:9443/statistics, and click on "Attacks".

Here is the attack we just launched:

Here are the details of the attack:
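To show why the `1 and 1=1` payload from step 1 is worth blocking, the following added example (not part of the original post and not SafeLine code) runs it against a lookup that builds SQL by string concatenation and against parameterized and validated versions of the same lookup. The `items` table, its rows, and the function names are constructed for illustration.

```python
import sqlite3

PAYLOAD = "1 and 1=1"  # the demo's pre-built SQL injection payload


def make_db():
    """Constructed sample data: an in-memory table standing in for an app database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [(1, "alpha"), (2, "beta")])
    return db


def lookup_concatenated(db, item_id):
    """Vulnerable pattern: user input is spliced into the SQL text,
    so 'and 1=1' is parsed and evaluated as part of the WHERE clause."""
    sql = "SELECT name FROM items WHERE id = " + item_id
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, item_id):
    """Hardened pattern: input is bound as a value and never parsed as SQL."""
    rows = db.execute("SELECT name FROM items WHERE id = ?", (item_id,))
    return [row[0] for row in rows]


def lookup_validated(db, item_id):
    """Hardened pattern plus input validation: reject non-integer ids outright."""
    if not item_id.isdigit():
        raise ValueError("id must be an integer")
    return lookup_parameterized(db, int(item_id))


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, PAYLOAD))
    print("parameterized:", lookup_parameterized(db, PAYLOAD))
    try:
        lookup_validated(db, PAYLOAD)
    except ValueError as exc:
        print("validated    : rejected:", exc)
```

The concatenated lookup accepts the payload as SQL and returns a row, while the parameterized lookup treats the whole string as a non-matching value. A WAF block is a second layer in front of the application, not a replacement for the parameterized query.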

Behind the Scenes

What makes SafeLine stand out:

  • Semantic Detection: Not just matching patterns, but understanding the behavior of requests.
  • Free Tier Includes:
    • Rate limiting
    • Identity authentication
    • Anti-bot challenges
    • Unlimited custom rules
  • No account or credit card required
  • Self-hosted (Docker-based deployment)
  • Large active community

Final Thoughts

Testing SafeLine’s public demo is a great way to understand what modern WAFs are capable of — and why semantic analysis might be the future of web application defense.

If you’re curious, try deploying it locally via Docker and protect your own app in just a few minutes.



Got questions or feedback? Join the community on Discord or leave a comment below.
