DEV Community

Lulu
Lulu

Posted on

Step-by-Step Deployment and Configuration for Optimal Web Security

1. Introduction to WAF

WAF stands for Web Application Firewall. Unlike traditional firewalls, a WAF operates at the application layer, offering better protection for web systems based on HTTP/HTTPS protocols, safeguarding them from hacker attacks.

2. WAF Deployment Architecture

SafeLine is deployed as a reverse proxy, receiving traffic before it reaches the web server. It detects and filters out malicious activities within the traffic, forwarding only the cleaned traffic to the web server. This ensures that external attack traffic cannot reach the web server.
GitHub:https://github.com/chaitin/SafeLine

3. Installation Process

1.One-Click Installation

   bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"
Enter fullscreen mode Exit fullscreen mode

2.Completion
Access https://0.0.0.0:9443 in your browser.
3.Login to SafeLine
Follow the on-screen instructions, using a TOTP-supported authentication app or scanning the QR code, then enter the dynamic code to log in.

Image description

4.Adding a Protected Site
SafeLine Community Edition primarily operates as a reverse proxy, similar to an Nginx server. During deployment, traffic needs to be directed to SafeLine first, where it will be inspected and filtered before being forwarded to the original web server.

In this setup, SafeLine is configured on a separate server.
Environment Information:

  • Web Server: IPA, External Port 8002, Domain name (optional)
  • SafeLine Server: IPB
  • Objective: Use SafeLine’s port 80 to receive and protect requests. Steps:
  • Point the website traffic to SafeLine's IPB. For example, modify the DNS configuration to resolve the domain name to SafeLine’s IPB.
  • Refer to the diagram below for specific configurations.
  • Block all access to the web server (IPA) except through SafeLine. For example, configure the firewall accordingly.

Image description

Configuration Verification:

  • Access example.com:80 via a browser. If you receive a response from the web application and the "Today's Visits" count increases, the configuration is successful.

5.Protection Testing
Manual Testing

  • Simulate SQL injection by visiting: http://<IP_or_domain>:<port>/?id=1%20AND%201=1
  • Simulate XSS by visiting: http://<IP_or_domain>:<port>/?html=<script>alert(1)</script>

Image description

6.Protection Settings

  • Black/White Lists
    Image description

  • Rate Limiting
    Image description

  • CAPTCHA
    Image description

4. Troubleshooting

How to Log All Requests to SafeLine
By default, SafeLine does not save request logs. To enable logging, you can modify the configuration file located at resources/nginx/nginx.conf in the installation directory.

  • Remove the comment from line 99 and delete the content of line 100.Save the file and check the configuration by running:
  docker exec safeline-tengine nginx -t
Enter fullscreen mode Exit fullscreen mode
  • Apply the configuration by running:
  docker exec safeline-tengine nginx -s reload
Enter fullscreen mode Exit fullscreen mode
  • Log file location: /data/safeline/logs/nginx/access.log

Website:https://waf.chaitin.com
Demo:https://demo.waf.chaitin.com:9443

Top comments (0)