If you’ve been in the security space for a while, chances are you’ve already heard of SafeLine WAF — a well-known web application firewall developed by Chaitin Tech.
It’s free, open source, and surprisingly easy to use. For individuals and small businesses, the community edition already provides enough protection against common web attacks.
Installing SafeLine WAF
Installation couldn’t be simpler. Just run the following command:
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en
- If this is your first install, just choose option
1when prompted. - Missing dependencies? Simply type
yto let the installer grab them automatically.
Once completed, you’ll be able to log in to the web interface with the auto-generated username and password. From here, SafeLine is up and running.
Adding a Protected Application
After logging in, you’ll need to add a target application to protect.
Head over to the Applications module, click Add Application, and fill in the details of the app or site you want to shield.
SafeLine will generate a card for the protected application right in the dashboard.
Testing SQL Injection Defense
Let’s put it to the test. Suppose we’re protecting:
https://10.0.26.154:8086
Try the following SQL injection payload:
https://10.0.26.154:8086/login?id=1+and+1%3D2+union+select+1
Result? The SQL injection attempt is blocked by SafeLine.
The dashboard logs show the intercepted request and full attack details, making it easy to trace.
Testing Command Injection Defense
Next, let’s attempt a command injection:
curl -k -X POST "https://10.0.26.154:8086/login" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=admin;cat /etc/passwd&password=test"
SafeLine successfully blocks the attack, and you can review the detailed attack log directly from the management console.
Testing CC Attack Defense
SafeLine also includes CC (Challenge Collapsar) protection to defend against HTTP flood/DDoS-style attacks.
- First, enable the global CC protection options:
- Basic access limit
- Basic attack limit
- Basic error limit
- Then, activate CC protection on the target application.
Now, simulate a stress test with wrk:
wrk -t12 -c400 -d30s https://10.0.26.154:8086
This launches 12 threads, 400 concurrent connections, for 30 seconds.
SafeLine blocks the flood automatically, and you can view the detailed request/attack logs in the dashboard.
Final Thoughts
After testing SafeLine WAF, here are my takeaways:
- Ridiculously easy to install — just one command and a single keystroke.
- Comprehensive protection — covers a wide range of web attack vectors, perfect for individuals or SMBs.
- Great user experience — every blocked attack is logged with full details, making it simple to monitor threats and trace incidents.
If you’re looking for a free, open source WAF that actually works out of the box, SafeLine is absolutely worth a try.
Join the SafeLine Community
If you continue to experience issues, feel free to contact SafeLine support for further assistance.
Top comments (0)