SherbertIll6SafeLine WAF is a lightweight, yet highly secure Web Application Firewall (WAF) designed to fully protect your web applications from common attacks and exploits. Built on Nginx, it functions as a reverse proxy to intercept and analyze traffic before it reaches your web server.
How It Works:
Take a look at this simple web traffic flow: external users send requests that travel through the network and eventually reach your web server.
SafeLine sits as a reverse proxy, intercepting traffic before it hits your server. It thoroughly inspects the traffic for any malicious behavior, cleanses it, and then forwards the sanitized traffic to your server.
1. Installation
It's important to install SafeLine on a different machine than your web service. You'll need a Docker environment to proceed with the installation. Here's a quick demonstration of installing SafeLine on an Unraid system.
For an online installation, enter the following command:
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"
When prompted for an installation directory, press Enter to accept the default.
Since I'm using Unraid, I'll install it in the Docker directory for easier management:
/mnt/user/appdata/safeline
Once the installation is complete, click the link https://<safeline-ip>:9443/ to access the console.
2. Getting Started
Click "Agree, Get Started" and enter the initial username and password, both of which are "admin."
You’ll find the interface clean and user-friendly.
2.1 Resetting Your Password
If you forget your password, don't worry. You can reset it easily by following these steps:
If you’re prompted with an incorrect password message, click "Forgot Password."
To reset the password, enter the following command:
docker exec safeline-mgt resetadmin
After resetting, log in again, go to "System Settings," and change the account password.
2.2 Adding a Site
In this example, I’ve set up an Nginx server as the web site. Since SafeLine and Nginx (the protected web site) are on the same server and share the same IP address, make sure the port numbers you set don't conflict!
- Enter the port number you’ll use to access the web page.
- Fill in the upstream (the web site you want to protect).
Once you’ve done this, the site will be successfully added! You can now access the web page through port 8082.
If you need HTTPS, you'll have to add your own certificate:
- Upload the certificate and private key.
- Check SSL and select your certificate.
This will enable HTTPS.
2.3 Testing Protection
- Simulate SQL Injection:
http://<IP or domain>:<port>/?id=1%20AND%201=1
- Simulate XSS:
http://<IP or domain>:<port>/?html=<script>alert(1)</script>
2.4 Uninstallation
If you are sure no longer want to use SafeLine, please follow the steps below to completely uninstall it.
- Enter SafeLine directory
cd <safeline-directory>
- Execute the follow command to stop SafeLine
docker compose down
- Execute the follow command to remove SafeLine data
rm -rf <safeline-directory>
