When it comes to open-source Web Application Firewalls, most developers think of ModSecurity or Nginx-based solutions. But there’s a new player worth checking out: SafeLine WAF.
It’s free, easy to deploy, and still packs in a strong set of protections that usually sit behind commercial licenses. In this post, I’ll walk you through my hands-on experience with SafeLine WAF Personal Edition — from installation to testing, configuration, and a look at what’s included in different versions.
Test Environment
Component | Version |
---|---|
OS | openEuler 22.03 LTS |
Docker | 24.0.8 |
Docker Compose | v2.39.2 |
SafeLine WAF | Personal Edition 9.2.4 |
Management Panel | https://192.168.99.203:9443 |
Protected App | JavaSec v1.4 → http://192.168.99.68/login |
1. Installing Docker
If you don’t already have Docker, install it manually or use the binaries:
```bash
wget https://download.docker.com/linux/static/stable/x86_64/docker-24.0.8.tgz
tar -xzvf docker-24.0.8.tgz --strip-components=1 -C /usr/local/bin/
```
Then configure Docker:
```bash
mkdir -p /etc/docker
tee /etc/docker/daemon.json > /dev/null << 'EOF'
{
  "data-root": "/var/lib/docker",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": { "max-size": "100m" },
  "storage-driver": "overlay2",
  "registry-mirrors": [
    "https://docker.mirrors.ustc.edu.cn",
    "https://hub-mirror.c.163.com"
  ]
}
EOF
```
Enable and start Docker:
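```bash
# The static tarball ships no systemd unit files, so docker.service and
# docker.socket must already be installed for these commands to work.
systemctl daemon-reload
systemctl enable docker.service docker.socket
systemctl start docker
docker version
```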
2. Installing Docker Compose
Download the binary:
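```bash
mkdir -p /usr/local/lib/docker/cli-plugins
# Save the binary directly under the CLI plugin name that Docker looks for.
wget -O /usr/local/lib/docker/cli-plugins/docker-compose \
  https://github.com/docker/compose/releases/download/v2.39.2/docker-compose-linux-x86_64
chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
docker compose version
```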
3. Installing SafeLine WAF
There are multiple ways to install:
- One-click install (recommended):
```bash
# Note: -k tells curl to skip TLS certificate verification for this download.
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en
```
If successful, you can log in immediately to the management console.
- Manual installation: For Linux/Docker power users → Guide
- Offline installation: For air-gapped environments → Guide
4. Accessing the Dashboard
Default URL: https://192.168.99.203:9443/
username: admin
password: nxjI9JG8
The UI is clean and intuitive, making it easy to start protecting your apps.
5. Adding a Protected Site
From the dashboard, you can add the web app or API you want to protect. In my test, I added a JavaSec login page.
6. Security Policies
SafeLine comes with built-in protection modules:
- HTTP Flood Protection — rate limiting, waiting rooms, request throttling
- Bot Defense — human verification (no-interaction, slider CAPTCHA), dynamic JS/HTML encryption, replay prevention
- Auth — simple authentication and unified login
- Attack Protection — SQLi, XSS, file upload, file inclusion, command injection, deserialization (Java, PHP, ASP), template injection, CSRF, SSRF, malformed HTTP
7. Testing the Protection
Triggering SQL injection or XSS rules correctly returns a blocked response. Events are logged in real time, with detailed request/response data visible in the dashboard.
8. Handling False Positives
In SafeLine, you can whitelist or blacklist based on conditions such as:
- Source IP
- URL / Path
- GET/POST parameters
- Headers / Body content
- HTTP method
- JA4 fingerprint
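A repeatable version of the manual checks in sections 7 and 8, as an added example that is not part of the original post or of SafeLine: it sends one benign request and two textbook probe strings through the WAF, then reports bypasses and false positives, so it can be rerun after every whitelist change. The 403 block status, the `username` parameter and the URL passed on the command line are assumptions to adjust for your own site.

```python
"""WAF smoke test: a benign request must pass, canonical probes must be blocked."""
import sys
import urllib.error
import urllib.parse
import urllib.request

# Assumption: the WAF answers a blocked request with HTTP 403.
BLOCK_STATUS = 403

# Constructed test cases: (label, query parameters, should the WAF block it?).
# The parameter name "username" is hypothetical; the strings are textbook probes.
CASES = [
    ("benign", {"username": "alice"}, False),
    ("sqli", {"username": "' OR '1'='1"}, True),
    ("xss", {"username": "<script>alert(1)</script>"}, True),
]


def probe(base_url, params, timeout=5):
    """Send one GET through the WAF and return the HTTP status code."""
    url = base_url + "?" + urllib.parse.urlencode(params)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a status
        return err.code


def evaluate(observed):
    """Compare {label: status} against CASES and return a list of failure strings."""
    failures = []
    for label, _params, expect_block in CASES:
        status = observed.get(label)
        if status is None:
            failures.append(f"{label}: no response recorded")
        elif expect_block and status != BLOCK_STATUS:
            failures.append(f"{label}: expected block, got {status} (bypass)")
        elif not expect_block and status == BLOCK_STATUS:
            failures.append(f"{label}: benign request blocked (false positive)")
    return failures


if __name__ == "__main__":
    base = sys.argv[1]  # URL of your own protected site as published through the WAF
    observed = {label: probe(base, params) for label, params, _ in CASES}
    problems = evaluate(observed)
    print("\n".join(problems) or "WAF smoke test passed")
    sys.exit(1 if problems else 0)
```

A non-zero exit code makes the script usable as a post-change gate: a whitelist rule that is too broad shows up as a `bypass` line, and an over-eager policy shows up as a `false positive` line.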
9. Logs & Reports
The dashboard includes:
- Statistics & Reports — charts for traffic and attack trends
- Attack Logs — detailed breakdown of blocked attempts
- Access Control — manage blacklists, CC protection, bot defense
- General Settings — protection configs, system logs, console management
Final Thoughts
SafeLine leaves a strong first impression:
✅ Free and easy to install (literally a single command)
✅ Strong security coverage (SQLi, XSS, file uploads, deserialization, etc.)
✅ Clean UI and useful logs
Still, for developers, small teams, or anyone looking for a free WAF that just works, SafeLine is absolutely worth trying.
Join the SafeLine Community
If you continue to experience issues, feel free to contact SafeLine support for further assistance.