API Gateways like Apache APISIX are fast and flexible — but they’re not built to stop every attack.
If you’re exposing APIs to the internet, you’ll face SQL injection, XSS, SSRF, and bot traffic sooner or later.
That’s where SafeLine WAF comes in. Starting with APISIX v3.5.0, you can integrate SafeLine directly via the chaitin-waf plugin to inspect and block malicious requests in real time.
Why Add a WAF to Your API Gateway?
APISIX handles load balancing, routing, and observability. But on its own, it can’t tell if this request is an attack:
POST /login
username=admin' OR '1'='1
With SafeLine WAF, that request gets stopped instantly:
{
  "code": 403,
  "message": "blocked by Chaitin SafeLine Web Application Firewall"
}
No false positives. No regex headaches. Just semantic-level attack detection.
Quick Integration (APISIX + SafeLine)
1. Configure SafeLine in TCP mode
Edit detector.yml:
bind_addr: 0.0.0.0
listen_port: 8000
Expose it in compose.yaml:
ports:
  - 8000:8000
Restart SafeLine:
docker compose down && docker compose up -d
2. Run APISIX (Docker)
git clone https://github.com/apache/apisix-docker
cd apisix-docker/compose
echo 'APISIX_DOCKER_TAG=3.5.0-debian' >> .env
docker compose -f docker-compose-release.yaml up -d
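3. Connect APISIX to SafeLine
The nodes entry points the plugin at the SafeLine detector on the TCP port configured in step 1. The X-API-KEY value shown here is the default admin key from APISIX's sample configuration; replace it with your own key on anything beyond a local test.
curl http://127.0.0.1:9180/apisix/admin/plugin_metadata/chaitin-waf \
  -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' \
  -X PUT -d '
{
  "nodes": [
    {"host": "192.168.99.11", "port": 8000}
  ]
}'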
4. Protect Your Routes
curl http://127.0.0.1:9180/apisix/admin/routes/1 \
  -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' \
  -X PUT -d '
{
  "uri": "/*",
  "plugins": { "chaitin-waf": {} },
  "upstream": {
    "type": "roundrobin",
    "nodes": {"192.168.99.12:80": 1}
  }
}'
Test It Out
Normal request works:
curl 'http://127.0.0.1:9080/'
SQL injection attempt is blocked:
curl 'http://127.0.0.1:9080/' -d 'a=1 and 1=1'
Result:
{
  "code": 403,
  "message": "blocked by Chaitin SafeLine Web Application Firewall"
}
And yes — you’ll see the event logged in SafeLine’s dashboard.
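A repeatable version of the two checks above, as an added example (not code from the original article or from the APISIX or SafeLine projects): it sends the benign request and the 'a=1 and 1=1' probe through the gateway and tells a SafeLine block apart from any other 403, so a route that silently stopped being inspected shows up as a failure. The function names are hypothetical, and the default gateway URL and block message are assumed to match the commands and response shown in this article.

```python
import json
import sys
import urllib.error
import urllib.request

# Block message copied from the 403 body shown in this article.
WAF_MESSAGE = "blocked by Chaitin SafeLine Web Application Firewall"


def classify(status, body):
    """Return 'waf_block', 'other_403' or 'passed' for one gateway response."""
    if status != 403:
        return "passed"
    try:
        doc = json.loads(body)
    except ValueError:
        return "other_403"  # 403 from the upstream or another plugin
    if isinstance(doc, dict) and doc.get("message") == WAF_MESSAGE:
        return "waf_block"
    return "other_403"


def verdict(benign, attack):
    """Combine the classifications of the benign and the attack probe."""
    if benign == "waf_block":
        return "FAIL: benign request blocked (false positive)"
    if attack == "passed":
        return "FAIL: attack probe reached the upstream (WAF not inspecting)"
    if attack == "other_403":
        return "UNKNOWN: 403 did not come from SafeLine"
    return "OK"


def probe(url, data=None):
    """Send one request through the gateway; return (status, body text)."""
    req = urllib.request.Request(url, data=data)  # data set => POST, like curl -d
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Assumption: gateway URL as used in the curl commands above.
    gateway = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:9080/"
    benign = classify(*probe(gateway))
    attack = classify(*probe(gateway, b"a=1 and 1=1"))  # probe from "Test It Out"
    result = verdict(benign, attack)
    print(result)
    sys.exit(0 if result == "OK" else 1)
```

Run it after every route or plugin_metadata change; a non-zero exit code means the route is no longer behaving as in the test above.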
Why Developers Love This Setup
- APISIX → blazing fast API gateway
- SafeLine WAF → deep semantic security engine
- One integration → stops SQLi, XSS, SSRF, RCE, bots, and more
No external cloud dependency. 100% open source. Developer-friendly.
Try It Yourself
Don’t just take our word for it. Try SafeLine and test it against real-world payloads.
- GitHub: https://github.com/chaitin/SafeLine
- Docs: https://docs.waf.chaitin.com/
- Discord Community: https://discord.gg/dy3JT7dkmY