1. Introduction to WAF
WAF stands for Web Application Firewall. Unlike traditional firewalls, a WAF operates at the application layer, offering better protection for web systems based on HTTP/HTTPS protocols, safeguarding them from hacker attacks.
2. WAF Deployment Architecture
SafeLine is deployed as a reverse proxy, receiving traffic before it reaches the web server. It detects and filters out malicious activities within the traffic, forwarding only the cleaned traffic to the web server. This ensures that external attack traffic cannot reach the web server.
GitHub:https://github.com/chaitin/SafeLine
3. Installation Process
1.One-Click Installation
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"
2.Completion
Access https://0.0.0.0:9443 in your browser.
3.Login to SafeLine
Follow the on-screen instructions, using a TOTP-supported authentication app or scanning the QR code, then enter the dynamic code to log in.
4.Adding a Protected Site
SafeLine Community Edition primarily operates as a reverse proxy, similar to an Nginx server. During deployment, traffic needs to be directed to SafeLine first, where it will be inspected and filtered before being forwarded to the original web server.
In this setup, SafeLine is configured on a separate server.
Environment Information:
- Web Server: IPA, External Port 8002, Domain name (optional)
- SafeLine Server: IPB
- Objective: Use SafeLine’s port 80 to receive and protect requests. Steps:
- Point the website traffic to SafeLine's IPB. For example, modify the DNS configuration to resolve the domain name to SafeLine’s IPB.
- Refer to the diagram below for specific configurations.
- Block all access to the web server (IPA) except through SafeLine. For example, configure the firewall accordingly.
Configuration Verification:
- Access
example.com:80via a browser. If you receive a response from the web application and the "Today's Visits" count increases, the configuration is successful.
5.Protection Testing
Manual Testing
- Simulate SQL injection by visiting:
http://<IP_or_domain>:<port>/?id=1%20AND%201=1 - Simulate XSS by visiting:
http://<IP_or_domain>:<port>/?html=<script>alert(1)</script>
6.Protection Settings
Black/White Lists
Rate Limiting
CAPTCHA
4. Troubleshooting
How to Log All Requests to SafeLine
By default, SafeLine does not save request logs. To enable logging, you can modify the configuration file located at resources/nginx/nginx.conf in the installation directory.
- Remove the comment from line 99 and delete the content of line 100.Save the file and check the configuration by running:
docker exec safeline-tengine nginx -t
- Apply the configuration by running:
docker exec safeline-tengine nginx -s reload
- Log file location:
/data/safeline/logs/nginx/access.log
Website:https://waf.chaitin.com
Demo:https://demo.waf.chaitin.com:9443
Top comments (0)