LuluSafeLine WAF (Web Application Firewall) is an effective tool for protecting your web applications from a variety of attacks. In this guide, we’ll explore how to log in to SafeLine, different deployment configurations, and perform basic security testing.
1. Logging into SafeLine
To access SafeLine’s management interface, open your browser and go to: https://<waf-ip>:9443
2. Configuration Methods for SafeLine
SafeLine offers two primary methods of deployment, depending on your environment and needs. Here’s a breakdown of each.
2.1 Deploying SafeLine on a Separate Device
In this method, you deploy SafeLine on a dedicated server and route all web traffic through it, filtering out malicious requests before they reach your web server.
Steps:
- Point all web traffic to SafeLine (e.g., update DNS records to resolve the domain to SafeLine's IP).
- Block direct access to the web server except through SafeLine. You can achieve this by configuring firewalls or placing your web server in a private network.
Example Environment Setup:
- SafeLine server:
192.168.65.8(Domain: www.waf.ct) - Web server:
192.168.65.4(Domain: www.server.ct)
Editing Nginx Configuration on SafeLine
In SafeLine’s Nginx configuration file, define the upstream servers and proxy traffic to the web server:
upstream backend_monitor_servers {
server 192.168.65.4:80;
}
server {
listen 81;
server_name www.waf.ct;
location / {
limit_req zone=five burst=10;
proxy_pass http://backend_monitor_servers;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host;
add_header Strict-Transport-Security "max-age=31536000";
}
access_log /data/log/nginx/access.log;
error_log /data/log/nginx/error.log;
}
Testing for Attacks
You can test for SQL injection attacks using the following command:
curl -v "http://www.waf.ct?id=1'union select * from dps"
2.2 Deploying SafeLine Directly on the Web Server (Not Recommended)
This method involves deploying SafeLine on the same machine as your web server. While possible, this is not recommended due to increased system load, a higher risk of system failure, and potential installation issues in non-clean environments.
If you choose to deploy SafeLine on the same server, follow these steps:
- Change your website to listen on a different port (e.g., port 8080) instead of the default HTTP (80) or HTTPS (443/ssl) ports.
- Configure SafeLine to listen on ports 80 and 443, proxying traffic to your web server.
- Restrict web server access to localhost only by configuring your firewall or iptables.
Example Setup:
1.Web login service listens on port 8080.
2.SafeLine listens on ports 80 and 443, and proxies traffic to your web server.
Testing:
Run the following command to test the configuration:
curl -H "Host: <domain>" http://<SafeLine IP>:<SafeLine listening port>
For example:
curl -H "Host: 192.168.65.8" http://192.168.65.8:80
If you see a response from the web application and the "Today's Visit Count" increases, the configuration is successful.
2.3 Deploying SafeLine Alongside Other Reverse Proxy Devices
You can also deploy SafeLine as one of several reverse proxy devices. In this setup, SafeLine is inserted into the main traffic flow, receiving traffic from the previous proxy and forwarding it to the next server.
Simply configure SafeLine to receive traffic and set the "Upstream Server" to the next hop server's address.
Conclusion
SafeLine WAF offers flexible deployment options that can be tailored to your specific infrastructure. Whether you prefer deploying on a dedicated server, alongside other proxies, or even directly on your web server, SafeLine will effectively protect your web applications from attacks. Choose the method that best fits your needs, and get started with securing your traffic today!
For more information and detailed documentation, visit SafeLine’s website.
