Looking for a lightweight, fast-deploying WAF solution? In this hands-on guide, we walk you through deploying and testing SafeLine WAF, an open-source Web Application Firewall built by security experts at Chaitin Tech.
With intelligent semantic analysis at its core, SafeLine offers powerful protection against SQLi, XSS, HTTP Flood, and more โ while remaining easy enough to install and use in under 5 minutes.
๐ What Is SafeLine?
SafeLine is a modern, open-source Web Application Firewall developed by Chaitin Tech over nearly a decade. Itโs designed as a reverse proxy WAF that protects your web apps from malicious traffic, while minimizing false positives and performance hits.
SafeLine is especially well-suited for small and medium businesses (SMBs), personal sites, and developers looking for a secure yet simple WAF solution.
Core Features:
- Semantic engine to detect web attacks intelligently
- Built-in HTTP Flood and access control
- Real-time dynamic protection
- User-friendly dashboard with attack stats
- AI-powered rule matching
- Lightweight and fast to deploy
โ๏ธ Requirements & Installation
System Requirements:
- OS: Linux
- Arch:
x86_64(supportsssse3) orarm64 - Docker: โฅ 20.10.14
- Docker Compose: โฅ 2.0.0
- Minimum: 1 CPU, 1 GB RAM, 5 GB Disk
โ One-Click Install (Takes ~3 minutes)
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en
Once installed, open https://localhost:9443/ in your browser to access the SafeLine dashboard.
๐งโ๐ป Resetting the Admin Account (if needed)
docker exec safeline-mgt resetadmin
๐งช Quick Test with DVWA
Letโs test SafeLine using DVWA, a classic vulnerable web app.
Step 1: Launch DVWA on Port 8888
docker pull citizenstig/dvwa
docker run --name Dvwa -d -p 8888:80 citizenstig/dvwa
Step 2: Configure WAF to Protect Port 8888
In SafeLineโs dashboard, create a site config to proxy and protect port 8888.
SafeLine will expose the protected version on a new port (e.g. 8881).
๐งจ Test an SQL Injection
Try accessing the following directly:
http://127.0.0.1:8888/index.php?id=select%20information
Youโll see the request succeeds โ because this bypasses the WAF.
Now access it via the WAF proxy (e.g., port 8881):
http://127.0.0.1:8881/index.php?id=select%20information
Boom! ๐ฏ SafeLine detects and logs the attack. Check the dashboard for details.
๐ Dynamic Protection: Turn Static Pages into Moving Targets
SafeLine supports a feature called Dynamic Protection, which obfuscates HTML and JavaScript on-the-fly. This makes your site harder to fingerprint, crawl, or exploit using automated tools.
What it protects:
- Frontend source code privacy
- Blocks scrapers and bots
- Obfuscates static content
- Hardens pages against automated scans and exploits
๐งฌ Enabling Dynamic Encryption
In SafeLineโs UI, go to Bot Protection โ Enable Dynamic HTML Encryption.
Revisit your site โ now the page source is encrypted, randomized, and tough to parse by bots.
๐ค Anti-Bot & CAPTCHA
SafeLine also offers anti-bot defenses, including human verification challenges.
Test with a Simple Script:
import requests
url = "http://YOUR_IP:8881/index.php"
try:
response = requests.get(url)
print(f"Status Code: {response.status_code}")
print(f"Body: {response.text[:200]}...")
except requests.RequestException as e:
print(f"Error: {e}")
Without human verification, your botโs request gets blocked.
Disable Dynamic Protection, and the request will succeed โ proving that SafeLine is intercepting automated traffic correctly.
๐งพ Final Thoughts
In a world where security threats evolve daily, SMBs need fast, affordable, and effective defenses. SafeLine delivers just that โ blending powerful AI-driven detection with a sleek UI and a 3-minute setup.
With features like dynamic content protection, bot mitigation, and full reverse proxy support, SafeLine offers a rare mix of power and simplicity.
Try it out and join the open-source WAF movement
๐ฌ Join the Community
Want help or just want to share ideas?
- ๐ GitHub Repository
- ๐ Official Docs
- ๐ฌ Discord Community
Top comments (0)