DEV Community

Lulu
Lulu

Posted on

SafeLine: Secure Your Web Applications Effortlessly

#cybersecurity #sql #webdev #opensource

SafeLine is a comprehensive web security gateway designed to safeguard your websites from a wide range of attacks and exploits. It offers robust defense against various web-based threats, including SQL injection, code injection, OS command injection, CRLF injection, LDAP injection, XPath injection, RCE, XSS, XXE, SSRF, path traversal, backdoors, brute force, HTTP floods, bot abuse, and more.

Image description

Automated Deployment

To automatically install SafeLine, execute the following command with root privileges:

bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"
Enter fullscreen mode Exit fullscreen mode

Once the command is completed, the installation is successful. You can proceed directly to the "Use Web UI" section.

Manual Deployment

For a manual setup, refer to the Documentation.

Getting Started

Logging In

Open the SafeLine web console by navigating to https://<safeline-ip>:9443/ in your browser.

To retrieve the administrator account details, run the following command:

docker exec safeline-mgt /app/mgt-cli reset-admin --once
Enter fullscreen mode Exit fullscreen mode

This will generate the following output:

[SafeLine] Initial username: admin
[SafeLine] Initial password: **********
[SafeLine] Done
Enter fullscreen mode Exit fullscreen mode

Make sure to note these credentials. Use them to log in to SafeLine.

Website Protection Setup

After logging in, go to the "Web services" -> "Web services" section in the SafeLine Web Admin Console and click the "Add Web Service" button.

Image description

In the dialog box, enter the details for your website:

  • Domain: The domain, hostname, or IP address of your original website, e.g., www.chaitin.com
  • Port: The port that SafeLine will listen on, such as 80 or 443 (for HTTPS, check the SSL option).
  • Upstream: The real address of your original website, where SafeLine will forward the traffic.

Image description

Once the configuration is complete, ensure that the domain name resolves to the IP address of the server where SafeLine is installed.

Now, your website is protected by SafeLine and can be accessed via its domain.

Test Your Website's Protection

To test SafeLine’s effectiveness, simulate an attack on your website using the following examples (replace chaitin.com with your domain):

  • SQL Injection: https://chaitin.com/?id=1+and+1=2+union+select+1
  • XSS: https://chaitin.com/?id=<img+src=x+onerror=alert()>
  • Path Traversal: https://chaitin.com/?id=../../../../etc/passwd
  • Code Injection: https://chaitin.com/?id=phpinfo();system('id')
  • XXE: https://chaitin.com/?id=<?xml+version="1.0"?><!DOCTYPE+foo+SYSTEM+"">

Check the SafeLine web console to view and analyze the attack logs by clicking on "detail" for more specific information.

Image description

Explore More:

Top comments (0)

Read next

lebbe profile image

GlobalErrorHandler: Catch the errors that falls through ErrorBoundary's fingers!

Lars-Erik Bruce -

sebastianrubina profile image

Setting up Supabase Auth with Nuxt v3

Sebastian Rubina -

sempare profile image

Functional templates with the Sempare Template Engine for Delphi

Sempare Limited -

drxven profile image

My Hacktoberfest 2024: A Month of Code, Challenges, and Growth

Lohit Kolluri -