With more people setting up private clouds, NAS, home theaters, blogs, and library management systems at home, some of these systems are being exposed to the public internet to enable remote access. In such cases, deploying a Web Application Firewall (WAF) like SafeLine to protect your data is crucial.

System Requirements

Before installing SafeLine, ensure that your system meets the following requirements:

• Operating System: Linux
• CPU Architecture: x86_64 with SSSE3 instruction set support
• Software Dependencies: Docker version 20.10.14 or above, Docker Compose version 2.0.0 or above
• Minimum Resources: 1 core CPU, 1 GB RAM, 5 GB disk space

How to Check Your System

To verify your system's compatibility, use the following commands:

• Check CPU architecture: uname -m
• View CPU information: cat /proc/cpuinfo | grep "processor"
• Confirm SSSE3 support: lscpu | grep ssse3
• Check Docker version: docker version
• Check Docker Compose version: docker compose version
• Check old Docker Compose version: docker-compose version
• View memory information: free -h
• View disk space: df -h

Download and Install SafeLine

1. Download the installation package:

bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"

1. Upload the package to your server.

1. Import into Docker:

   cat image.tar.gz | gzip -d | docker load

1. Create SafeLine directory:

   mkdir -p "/data/safeline"
   cd "/data/safeline"

1. Download the compose script:

   wget https://waf.chaitin.com/release/latest/compose.yaml

1. Configure environment variables:

   cd "/data/safeline"
   touch ".env"

Set the following variables in your .env file:

   SAFELINE_DIR=/data/safeline
   IMAGE_TAG=latest
   MGT_PORT=9443
   POSTGRES_PASSWORD=password
   SUBNET_PREFIX=172.22.222
   IMAGE_PREFIX=chaitin

1. Start SafeLine.

1. Login: Access the management interface via your browser at http://<your-ip>:9443.

1. Reset the password if necessary.

Configuring Protection Sites

If your WAF and the site you want to protect are on the same server, and the protected site is running on port 9900, you can configure SafeLine to listen on port 80, with port 9900 as the upstream service. In this example, the site on port 9900 is a cloud document system.

After configuration, you only need to access the site via http://<your-ip>:80.

Testing and Monitoring

You can trigger alerts by simulating attack behavior to see how SafeLine responds.

Check the WAF alerts to confirm that attacks have been intercepted.

Shutting Down the WAF

SafeLine’s free version offers protection against common attacks, which should suffice for most users. For advanced users, custom rules can be created for even more effective protection.

Website: https://waf.chaitin.com
GitHub: https://github.com/chaitin/SafeLine