DEV Community

Carrie
Carrie

Posted on

Secure Your Application with SafeLine WAF: A Step-by-Step Guide

#application #firewall #waf #security

In today's digital landscape, web applications are constantly targeted by bots, scanners, and attackers.

That’s why protecting your application at the edge is more important than ever. SafeLine, a self-hosted, high-performance Web Application Firewall (WAF) and reverse proxy, offers a powerful solution to secure your web services against common web threats.

This guide walks you through how to secure your application with SafeLine — from installation to advanced configuration.

What is SafeLine?

SafeLine is a self-hosted WAF that acts as a reverse proxy in front of your web application. It analyzes and filters incoming traffic based on a flexible rule engine to prevent threats such as SQL injection, XSS, bot abuse, and more — all while offering high performance and full control.

Step-by-Step Guide to Securing Your Application with SafeLine

Step 1: Auto-Install SafeLine

1. Install
Use the following command to start the automated installation of SafeLine. (This process requires root privileges)

bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en
Enter fullscreen mode Exit fullscreen mode

After the command is executed, it means the installation is successfully.

2. Visit SafeLine webUI
Open the web console page https://<safeline-ip>:9443/ in the browser, then you will see below.

3. Get Administrator Account

docker exec safeline-mgt resetadmin
Enter fullscreen mode Exit fullscreen mode

After the command is successfully executed, you will see the following content

Please must remember this:

[SafeLine] Initial username:admin
[SafeLine] Initial password:**********
[SafeLine] Done
Enter fullscreen mode Exit fullscreen mode

4. Login

Enter the password in the previous step and you will successfully logged into SafeLine.

Tip: Change the default password after your first login.

Step 2: Add Your Application

In the SafeLine dashboard:

  • Go to Application > Add Application
  • Fill in details such as domain name and backend IP/port
  • Select whether it should listen on HTTP, HTTPS, or both

Your application is now protected by SafeLine.

Step 3: Configure Protection Rules

You can also create allow/deny rules based on:

  • URL paths
  • Request headers
  • IP reputation
  • User-Agent strings
  • Geo-location
  • Rate limiting
  • Challenge-based bot detection
  • etc.

For example, to block access from IPs outside your country:

Set up an allow rule

  • Match Target: Source IP
  • Operator: In Geolocation
  • Your country

Step 4: Monitor & Analyze

Use the Dashboard and Traffic Logs to view real-time access logs, blocked threats, and rule matches.

You can:

  • Track bot and attack attempts
  • See top IPs, URLs, and User-Agents
  • Analyze false positives and fine-tune your rules

Step 5: Fine-Tune Your Defense

Over time, adjust your protection strategy by:

  • Whitelisting(Allow Rule) known trusted sources
  • Adding rate limiting to APIs
  • Creating challenge rules for suspicious traffic
  • Blocking ASN or regions known for attacks

SafeLine gives you full control over how aggressive or passive your WAF behavior should be.

Why Choose SafeLine?

  • Self-Hosted – Full control of your data and traffic
  • Affordable license fees
  • High Performance – Built for speed and scale
  • Flexible Rules – Tailor security to your exact needs
  • Actively Maintained – Backed by Chaitin Tech

Final Thoughts

SafeLine empowers you to secure your web applications with a modern, flexible WAF engine. Whether you’re running a small site or a production-grade system, SafeLine offers the visibility and control you need to stay ahead of online threats.

Start securing your application today with SafeLine:
SafeLine Website: https://ly.safepoint.cloud/ShZAy9x
Live Demo: https://demo.waf.chaitin.com:9443/statistics
Discord: https://discord.gg/dy3JT7dkmY
Doc: https://docs.waf.chaitin.com/en/home

Top comments (0)