SafeLine WAF: Solving Login Failures and Configuration Errors

If you're experiencing issues logging into SafeLine WAF or configuring your sites, this guide walks through the most common problems and their fixes.

Login Issues

Forgot Admin Account Password

Reset the admin password with the following command:

docker exec safeline-mgt resetadmin

Dynamic Password (TOTP) Errors

Time Sync Problems

SafeLine Community Edition uses TOTP (Time-based One-Time Passwords) for 2FA, which is sensitive to time drift.

Make sure:

• Your mobile device (or TOTP app) has the correct system time and time zone.
• The SafeLine server’s system clock is accurate and synchronized (e.g., via ntp).

Password Expired

TOTP codes expire every 30 seconds. If login fails, wait for the next code and try again.

Still Can’t Log In?

• Confirm the container is running properly (docker ps)
• If you've just reset the admin password, retry login after a short wait.

Rebinding TOTP (2FA)

If you need to rebind your dynamic password, run:

docker exec safeline-mgt resettotp

Then, visit the SafeLine login page and follow the binding instructions using your TOTP app.

Configuration Issues

No Interception Logs After Setup

If no attack or access logs appear:

• Verify that incoming traffic is actually routed through SafeLine.
• Check upstream site settings and DNS routing.

Site Unreachable After Configuration

Several common causes can break access after configuring a new site:

• Incorrect site config: IPs, ports, or domains might be wrong or conflicting.
• Network connectivity issues: Ensure the SafeLine container can reach the upstream server.
• Port not accessible: The target site’s port may be closed or blocked by a firewall.
• Conflict in rules or settings: Review overlapping or overridden configurations.
• SafeLine container status: Run docker ps to confirm SafeLine is running.

You can also check logs for deeper insights:

docker logs safeline-mgt
docker logs safeline-tengine

Getting "400 Request Header Or Cookie Too Large"

This often means your configuration is creating a loop, where SafeLine forwards traffic back to itself.

Steps to resolve:

• Check upstream server IP and port.
• Make sure you're not routing SafeLine → app → SafeLine again.
• Restart and retest after fixing the config.

"404 Not Found" After Configuration

This can happen when SafeLine’s reverse proxy modifies the forwarded request unexpectedly.

Try:

• Using packet sniffers like tcpdump or Wireshark to compare pre- and post-WAF request paths.
• Verifying that the request URI, headers, and parameters haven’t changed unintentionally.

If your upstream application performs strict request validation, you may need to manually adjust SafeLine’s Nginx config.

⚠️ Note: Custom Nginx changes may be overwritten if you later apply config changes through the SafeLine web interface.

More Resources

• SafeLine GitHub
• SafeLine Docs
• SafeLine Discord

Still stuck? Join our community or open a support request—SafeLine users are here to help!