Sharon

SafeLine WAF: Hands-On With the Free Open Source Web Application Firewall

If you’ve been in the security space for a while, chances are you’ve already heard of SafeLine WAF — a well-known web application firewall developed by Chaitin Tech.

It’s free, open source, and surprisingly easy to use. For individuals and small businesses, the community edition already provides enough protection against common web attacks.


Installing SafeLine WAF

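Installation couldn’t be simpler. Just run the following command (it pipes the installer script straight into bash, and curl’s -k flag skips TLS certificate verification, so download and read manager.sh first if you want to inspect what it does):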

bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en
  • If this is your first install, just choose option 1 when prompted.
  • Missing dependencies? Simply type y to let the installer grab them automatically.

Once completed, you’ll be able to log in to the web interface with the auto-generated username and password. From here, SafeLine is up and running.


Adding a Protected Application

After logging in, you’ll need to add a target application to protect.

Head over to the Applications module, click Add Application, and fill in the details of the app or site you want to shield.

SafeLine will generate a card for the protected application right in the dashboard.


Testing SQL Injection Defense

Let’s put it to the test. Suppose we’re protecting:
https://10.0.26.154:8086

Try the following SQL injection payload:

https://10.0.26.154:8086/login?id=1+and+1%3D2+union+select+1

Result? The SQL injection attempt is blocked by SafeLine.

The dashboard logs show the intercepted request and full attack details, making it easy to trace.


Testing Command Injection Defense

Next, let’s attempt a command injection:

curl -k -X POST "https://10.0.26.154:8086/login" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=admin;cat /etc/passwd&password=test"

SafeLine successfully blocks the attack, and you can review the detailed attack log directly from the management console.
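
To make these two checks repeatable after rule or configuration changes, the script below (an added example, not part of the original post or SafeLine's own tooling) re-sends the article's SQL injection and command injection requests alongside a benign baseline and reports whether each got the expected treatment. It assumes SafeLine answers blocked requests with HTTP 403; the function names, the BLOCK_CODES variable and the baseline URL are illustrative.

```bash
#!/usr/bin/env bash
# Added example: WAF regression check built from the article's test requests.
# Assumptions (not from the article): blocked requests return HTTP 403, and
# the function names, BLOCK_CODES and the baseline URL are illustrative.

TARGET="${TARGET:-https://10.0.26.154:8086}"  # lab address used in the article
BLOCK_CODES="${BLOCK_CODES:-403}"             # space-separated statuses that mean "blocked"

# is_blocked CODE: succeeds if CODE is one of BLOCK_CODES
is_blocked() {
  local c
  for c in $BLOCK_CODES; do
    [ "$1" = "$c" ] && return 0
  done
  return 1
}

# verdict EXPECT CODE: prints PASS, FAIL or ERROR; EXPECT is "block" or "allow"
verdict() {
  local expect="$1" code="$2" got="allow"
  if [ "$code" = "000" ]; then echo "ERROR"; return 0; fi  # no HTTP response at all
  if is_blocked "$code"; then got="block"; fi
  if [ "$got" = "$expect" ]; then echo "PASS"; else echo "FAIL"; fi
}

# probe EXPECT LABEL CURL_ARGS...: sends one request and prints a result line
probe() {
  local expect="$1" label="$2" code
  shift 2
  # -k mirrors the article's curl command against the lab target
  code=$(curl -k -s -o /dev/null --max-time 10 -w '%{http_code}' "$@") || code="000"
  printf '%-14s expect=%-5s http=%s %s\n' "$label" "$expect" "$code" "$(verdict "$expect" "$code")"
}

run_checks() {
  # Benign baseline (constructed): if this is blocked too, the results below prove nothing.
  probe allow baseline      "$TARGET/login?id=1"
  probe block sql-injection "$TARGET/login?id=1+and+1%3D2+union+select+1"
  probe block cmd-injection -X POST "$TARGET/login" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "username=admin;cat /etc/passwd&password=test"
}

# Only send traffic when explicitly asked: ./waf_check.sh run
if [ "${1:-}" = "run" ]; then run_checks; fi
```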


Testing CC Attack Defense

SafeLine also includes CC (Challenge Collapsar) protection to defend against HTTP flood/DDoS-style attacks.

  1. First, enable the global CC protection options:
       • Basic access limit
       • Basic attack limit
       • Basic error limit
  2. Then, activate CC protection on the target application.

Now, simulate a stress test with wrk:

wrk -t12 -c400 -d30s https://10.0.26.154:8086

This runs wrk with 12 threads and 400 concurrent connections for 30 seconds.

SafeLine blocks the flood automatically, and you can view the detailed request/attack logs in the dashboard.


Final Thoughts

After testing SafeLine WAF, here are my takeaways:

  1. Ridiculously easy to install — just one command and a single keystroke.
  2. Comprehensive protection — covers a wide range of web attack vectors, perfect for individuals or SMBs.
  3. Great user experience — every blocked attack is logged with full details, making it simple to monitor threats and trace incidents.

If you’re looking for a free, open source WAF that actually works out of the box, SafeLine is absolutely worth a try.


Join the SafeLine Community

If you continue to experience issues, feel free to contact SafeLine support for further assistance.
