CodeNewbie Community 🌱

Sharon428931

Configure Your First Application in SafeLine WAF

This guide walks you through how to configure and protect a web application using SafeLine WAF.


Prerequisite

First of all, make sure SafeLine has been successfully installed.

If not, please refer to the Install SafeLine documentation.


How SafeLine Works

SafeLine is a web application firewall (WAF) built on top of nginx.

It helps protect web applications by acting as an HTTP/HTTPS reverse proxy.

Incoming traffic is first received by SafeLine, which filters out malicious requests and forwards only clean traffic to the original backend application.



Proxy an Application in SafeLine

  1. Log in to the SafeLine Web Admin Console.
  2. Navigate to Applications → Applications.
  3. Click the Add Application button in the upper-right corner.
  4. In the dialog that appears, fill in your app information:


  • Domain: The domain name, hostname, or IP address of your original app (e.g. www.chaitin.com).
  • Port: The port SafeLine should listen on (e.g. 80 or 443). If you're protecting an HTTPS service, make sure to check the SSL option.
  • Upstream: The real address (IP or domain) of your backend app, where SafeLine will forward traffic.

After saving, update your DNS to point the domain you just configured to the IP address of your SafeLine server.

You can now access your application through the configured domain, and it will be protected by SafeLine.



Try to Attack Your Application

Let’s test if SafeLine is working correctly by simulating some common web attacks.

If https://chaitin.com is protected by SafeLine, try the following URLs (replace with your domain):

  • SQL Injection

    https://chaitin.com/?id=1+and+1=2+union+select+1

  • XSS

    https://chaitin.com/?id=<img+src=x+onerror=alert()>

  • Path Traversal

    https://chaitin.com/?id=../../../../etc/passwd

  • Code Injection

    https://chaitin.com/?id=phpinfo();system('id')

  • XXE (XML External Entity)

    https://chaitin.com/?id=<?xml+version="1.0"?><!DOCTYPE+foo+SYSTEM+"">

If SafeLine detects the attack, it will block the request and show a block page.
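The manual check above can be scripted. The following is an added example, not part of SafeLine or the original post: it requests each of the five test values against a site you run behind SafeLine and reports which ones were blocked. The function names are illustrative, and it assumes the block page is served with HTTP 403 (`BLOCK_STATUS`); change that if your instance responds differently.

```python
"""Smoke test for a site behind SafeLine: replay the article's five test URLs."""
import urllib.error
import urllib.parse
import urllib.request

# Query values copied from the article ("+" in those URLs encodes a space).
PROBES = {
    "SQL Injection": "1 and 1=2 union select 1",
    "XSS": "<img src=x onerror=alert()>",
    "Path Traversal": "../../../../etc/passwd",
    "Code Injection": "phpinfo();system('id')",
    "XXE": '<?xml version="1.0"?><!DOCTYPE foo SYSTEM "">',
}
BLOCK_STATUS = 403  # assumption: status code your SafeLine block page returns


def build_url(base, value):
    """Append the probe as ?id=..., percent-encoding it so the URL is valid."""
    return base.rstrip("/") + "/?" + urllib.parse.urlencode({"id": value})


def http_status(url, timeout=10):
    """Return the HTTP status of a GET, including 4xx/5xx responses."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def run_smoke_test(base, fetch=http_status):
    """Return {probe name: True if blocked}. A benign request must pass first."""
    if fetch(build_url(base, "1")) == BLOCK_STATUS:
        raise RuntimeError("benign request was blocked; results would be meaningless")
    return {name: fetch(build_url(base, value)) == BLOCK_STATUS
            for name, value in PROBES.items()}


if __name__ == "__main__":
    import sys
    results = run_smoke_test(sys.argv[1])  # your own protected domain
    for name, blocked in results.items():
        print(f"{'BLOCKED' if blocked else 'PASSED THROUGH'}  {name}")
    sys.exit(0 if all(results.values()) else 1)
```

A non-zero exit code means at least one test value reached the backend, which makes the script usable as a check after each configuration change.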


View Attacks in the Admin Console

  1. Open the Logs tab in the SafeLine console.
  2. You'll see a list of blocked or detected attacks.
  3. Click Detail to view more information about a specific attack.


🤝 Join Our Community

For technical support, you can post your question directly on our forum: https://safepoint.cloud/discussion (our technicians will receive a notification and reply shortly).
You can also post it in our Discord community: https://discord.gg/dy3JT7dkmY (we check messages there every day).
