Configure Your First Application in SafeLine WAF

This guide walks you through how to configure and protect a web application using SafeLine WAF.

Prerequisite

First of all, make sure SafeLine has been successfully installed.

If not, please refer to the Install SafeLine documentation.

How SafeLine Works

SafeLine is a web application firewall (WAF) built on top of nginx.

It helps protect web applications by acting as an HTTP/HTTPS reverse proxy.

Incoming traffic is first received by SafeLine, which filters out malicious requests and forwards only clean traffic to the original backend application.

Proxy an Application in SafeLine

1. Log in to the SafeLine Web Admin Console.
2. Navigate to Applications → Applications.
3. Click the Add Application button in the upper-right corner.
4. In the dialog that appears, fill in your app information:

• Domain: The domain name, hostname, or IP address of your original app (e.g. www.chaitin.com).
• Port: The port SafeLine should listen on (e.g. 80 or 443). If you're protecting an HTTPS service, make sure to check the SSL option.
• Upstream: The real address (IP or domain) of your backend app, where SafeLine will forward traffic.

After saving, update your DNS to point the domain you just configured to the IP address of your SafeLine server.

You can now access your application through the configured domain, and it will be protected by SafeLine.

Try to Attack Your Application

Let’s test if SafeLine is working correctly by simulating some common web attacks.

If https://chaitin.com is protected by SafeLine, try the following URLs (replace with your domain):

• SQL Injection
  
  https://chaitin.com/?id=1+and+1=2+union+select+1

• XSS
  
  https://chaitin.com/?id=<img+src=x+onerror=alert()>

• Path Traversal
  
  https://chaitin.com/?id=../../../../etc/passwd

• Code Injection
  
  https://chaitin.com/?id=phpinfo();system('id')

• XXE (XML External Entity)
  
  https://chaitin.com/?id=<?xml+version="1.0"?><!DOCTYPE+foo+SYSTEM+"">

If SafeLine detects the attack, it will block the request and show a page like this:

View Attacks in the Admin Console

1. Open the Logs tab in the SafeLine console.
2. You'll see a list of blocked or detected attacks:

1. Click Detail to view more information about a specific attack:

🤝 Join Our Community

For any technical support, you can post the question directly on our forum: https://safepoint.cloud/discussion (Our technicians will receive a notification and reply shortly).
Or you can also post it in our Discord community: https://discord.gg/dy3JT7dkmY (We’ll check messages there every day)