DEV Community

Lulu

SafeLine: The No.1 Free and Open-Source Next-Gen Intelligent WAF

Let’s get right to it. Today, we’re introducing an open-source project that has quickly risen to the top of GitHub’s WAF category. It’s a tool that makes hackers think twice before attempting to breach your defenses. Meet SafeLine.

01. What is SafeLine?

SafeLine is a powerful, user-friendly, and completely free web application firewall (WAF). It uses advanced semantic detection technology and acts as a reverse proxy to shield your website from cyber attacks. This robust tool is the result of nearly a decade of development by Chaitin Technology, with its core detection powered by intelligent semantic analysis algorithms.

SafeLine secures web services by filtering and monitoring HTTP traffic between your web application and the internet. It defends against a wide range of threats, including SQL injection, XSS, code injection, command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoors, brute force attacks, CC attacks, and web crawlers.

What makes SafeLine stand out is its high community recognition. Its performance and protective capabilities are top-notch, and the community edition shares the same security features as the enterprise edition, ensuring a high level of security. This is one of the key reasons SafeLine quickly gained popularity on GitHub.

Key Protection Features:

SafeLine’s intelligent semantic analysis algorithm works by analyzing user inputs to generate fingerprint rules. It then uses a binary search algorithm to detect and categorize threats, making the protection more precise over time. Unlike traditional signature-based detection, this technology offers high accuracy and low false positives, eliminating the need to maintain a large static signature database, and significantly improving web protection efficiency.

The WAF leverages this intelligent semantic analysis to autonomously evaluate threats by analyzing both web requests and responses. It also reviews attack logs, assessing the source based on attack frequency and severity, and determines whether a visitor should be blocked.

02. Installing SafeLine

System Requirements:
Before installing SafeLine, ensure your system meets the following requirements:

  • Operating System: Linux
  • CPU Architecture: x86_64 with ssse3 instruction set support
  • Software Dependencies: Docker 20.10.14 or later, Docker Compose 2.0.0 or later
  • Minimum Resources: 1 CPU core, 1 GB RAM, 5 GB disk space
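
A preflight check for the requirements listed above, as an added example that is not part of the original post or the SafeLine project. The thresholds are the article's; the function names, the 900000 kB allowance for a nominal 1 GB host, and measuring free space on `/` are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for the requirements listed in the article.

# Succeeds when dotted version $1 >= $2 (first three numeric fields).
version_ge() {
  v1=$1; v2=$2
  for i in 1 2 3; do
    f1=${v1%%.*}; f2=${v2%%.*}
    f1=${f1%%[!0-9]*}; f2=${f2%%[!0-9]*}   # drop suffixes such as "-ce"
    [ "${f1:-0}" -gt "${f2:-0}" ] && return 0
    [ "${f1:-0}" -lt "${f2:-0}" ] && return 1
    case $v1 in *.*) v1=${v1#*.} ;; *) v1=0 ;; esac
    case $v2 in *.*) v2=${v2#*.} ;; *) v2=0 ;; esac
  done
  return 0
}

# Run a command quietly and report the result under the description in $1.
check() {
  desc=$1; shift
  if "$@" >/dev/null 2>&1; then echo "ok    $desc"
  else echo "FAIL  $desc"; failed=1; fi
}

has_ssse3()  { grep -qw ssse3 /proc/cpuinfo; }
docker_ok()  { version_ge "$(docker version --format '{{.Server.Version}}')" 20.10.14; }
compose_ok() { v=$(docker compose version --short) && version_ge "${v#v}" 2.0.0; }
# Assumption: MemTotal on a nominal 1 GB host reads slightly below 1048576 kB.
mem_ok()     { [ "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)" -ge 900000 ]; }
# Assumption: the 5 GB must be free on the root filesystem.
disk_ok()    { [ "$(df -Pk / | awk 'NR==2 {print $4}')" -ge 5242880 ]; }

preflight() {
  failed=0
  check "Linux kernel"             [ "$(uname -s)" = Linux ]
  check "x86_64 architecture"      [ "$(uname -m)" = x86_64 ]
  check "ssse3 CPU flag"           has_ssse3
  check "Docker >= 20.10.14"       docker_ok
  check "Docker Compose >= 2.0.0"  compose_ok
  check "RAM >= 1 GB"              mem_ok
  check "disk >= 5 GB free on /"   disk_ok
  return "$failed"
}

# Run only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then preflight; fi
```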

To install SafeLine automatically, run the following command with root privileges and follow the prompts. The installation process takes about 3 minutes.

bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"

If the command executes successfully, SafeLine is installed, and you can now access the SafeLine console.
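
The `-k` flag in the command above turns off TLS certificate verification for a script that then runs as root. The following added example (not from the original post or the SafeLine project) downloads the same URL with verification on and runs the script only if it matches a digest recorded after review; `EXPECTED_SHA256` and the function names are assumptions, and the article publishes no digest.

```shell
#!/bin/sh
# Added example: fetch the installer with certificate verification left on,
# and run it only if it matches a digest recorded after reviewing the script.
# EXPECTED_SHA256 is a placeholder the operator supplies; the article gives none.

SETUP_URL="https://waf.chaitin.com/release/latest/setup.sh"   # URL from the article

# Succeeds when the SHA-256 of file $1 equals the hex digest $2.
sha256_matches() {
  actual=$(sha256sum "$1" | awk '{print $1}')
  [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Download $1 to $2. No -k: a certificate error aborts the download.
fetch_installer() {
  curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# Download, verify against digest $1, then execute; refuse on any failure.
install_verified() {
  expected=$1
  tmp=$(mktemp) || return 1
  if ! fetch_installer "$SETUP_URL" "$tmp"; then
    echo "download failed (TLS or HTTP error)" >&2
    rm -f "$tmp"; return 1
  fi
  if ! sha256_matches "$tmp" "$expected"; then
    echo "digest mismatch, not running; downloaded file hashes to:" >&2
    sha256sum "$tmp" >&2
    rm -f "$tmp"; return 1
  fi
  bash "$tmp"; rc=$?      # stdin stays on the terminal for the prompts
  rm -f "$tmp"
  return "$rc"
}

# Usage: EXPECTED_SHA256=<digest of the reviewed script> sh this-file --install
if [ "${1:-}" = "--install" ]; then
  install_verified "${EXPECTED_SHA256:?set EXPECTED_SHA256 first}"
fi
```

Because the URL points at `latest`, the digest changes with each release and the script has to be reviewed again before the recorded value is updated.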

Accessing the SafeLine Console
After installation, open your browser and navigate to https://<safeline-ip>:9443/ to access the SafeLine console.

Logging into SafeLine

For your first login, you’ll need to initialize the admin account. Run the following command:

docker exec safeline-mgt resetadmin

This command will reset the admin account password, and you’ll see output similar to this:

[SafeLine] Initial username: admin
[SafeLine] Initial password: **********
[SafeLine] Done

03. Configuring Your Website

How It Works:

The SafeLine Community Edition primarily functions as a reverse proxy, similar to Nginx.

It routes your website’s traffic through SafeLine, where it’s inspected and filtered before reaching your original web server.

Here’s a quick overview of setting up a web server using phpStudy on a Windows 10 virtual machine:

  1. Prepare the Virtual Machine: Install Windows 10.
  2. Install phpStudy: Follow the installation guide for a one-click setup.
  3. Configure the Web Server: After installation, launch phpStudy and ensure Apache and MySQL services are running. You can use the default webpage or create a new site.
  4. Set Up Virtual Domains: Point your domain to the SafeLine WAF device.

Once your web server is up and running, ensure it’s accessible. You can use a default page or deploy a CMS for testing.

Now, let’s test the setup with some attack payloads. For more accurate results, consider using automated scanning tools like Nessus, AWVS, AppScan, OWASP, or Nuclei.

Sample payloads:

<script>alert('hello, gaga!');</script>
>"'><script>alert('XSS')</script>

You’ll see that these attacks are intercepted by the WAF.

04. Conclusion

SafeLine offers strong protection, ease of use, and an interface tailored to the needs of users in China, making it a valuable tool. As an open-source product developed in China, it benefits from transparency, community support, and flexible deployment options, enhancing its trustworthiness and customizability.

The user-friendly interface and easy operation are crucial for improving IT staff efficiency, reducing training costs, and enabling rapid responses to security incidents. Especially for users in China, SafeLine’s design tailored to local habits significantly enhances the user experience and promotes widespread adoption.
