Web Application Firewalls (WAFs) are the silent guardians between your web app and the chaos of the open internet. They shield your application from hackers, data breaches, and all kinds of malicious requests that could ruin your day.
Just like in any other software category, WAFs come in two flavors:
- Proprietary SaaS WAFs – great, but you’ll pay a monthly fee and depend on a vendor.
- Free & Open-Source WAFs – run it yourself, keep control, and pay $0 in licensing fees.
SafeLine belongs to the latter category — a free and open-source WAF that runs as a reverse proxy and can stop a wide range of web attacks. In this post, we’ll take a look at what makes SafeLine worth your attention, how to set it up, and what you get out of the box.
Why SafeLine Stands Out
Sure, there are plenty of OSS WAFs out there, but SafeLine brings a few neat tricks:
- Runs as an Nginx-based reverse proxy between your app and the internet.
- Blocks common web attacks like XSS, SQL injection, CRLF injection, XXE, and more.
- Built-in HTTP DDoS protection with request rate limiting per IP.
- CAPTCHA challenge on demand for suspicious visitors.
- Dynamic JS/HTML code obfuscation to slow down attackers.
- A clean, real-time dashboard for monitoring traffic and threats.
The dev team claims 99% accuracy in detecting malicious traffic in their tests — higher than many competitors. We’ll leave the benchmarking to you, but it’s a bold statement.
Installation
Getting SafeLine running is refreshingly simple.
System Requirements
Official docs recommend at least 1 GB RAM and 1 CPU core, though actual needs will depend on your app’s traffic. SafeLine is written in Go and aims to be lightweight, so you can optimize performance later.
Install via Docker (Fast Way)
SafeLine ships as a Docker image. You can deploy it with a single command:
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/manager.sh)" -- --en
Once installed, you’ll find it running at:
https://<your-server-ip>:9443/
Open that in a browser to access the dashboard.
Get Your Admin Credentials
docker exec safeline-mgt resetadmin
This will give you the default username/password for logging in.
Prefer manual setup? The docs have a Manual Installation section with step-by-step instructions.
First Look at the Dashboard
When you log in for the first time (and already have a web app behind it), SafeLine greets you with a real-time dashboard.
You’ll see:
- Current requests, visitors, and blocked IPs.
- Top countries by request volume or blocked attacks.
- Live requests-per-second metrics.
- 2D/3D globe view of traffic sources.
There’s also a hidden gem — the Live Data Panel. Hit the button and you’ll watch attacks unfold in real-time:
This isn’t just eye candy. It’s useful for spotting flood attacks, debugging your app, or… impressing your grandma.
Coming Next: Advanced Rules & Threat Mitigation
This was just the basics — in the next part of our SafeLine series, we’ll go deeper into:
- Adding and managing apps
- Creating custom security rules
- Fine-tuning rate limits
- Setting up instant alerts via Telegram or Discord
If you’re looking for an OSS WAF that’s easy to set up, actively maintained, and feature-packed, SafeLine deserves a spot on your shortlist.
Join the SafeLine Community
If you continue to experience issues, feel free to contact SafeLine support for further assistance.
Top comments (0)