Site Configuration in SafeLine WAF: Three Deployment Modes

SafeLine WAF supports three site configuration modes, each designed for different web deployment scenarios:

• Proxy to an existing website
• Static file hosting
• Redirect to another site

Let’s walk through each mode and how to set them up.

1. Proxy to an Existing Website

This mode is ideal when you already have a working website, and you want to protect it with SafeLine.

Example Scenario:

You have a website running at 192.168.1.2:8000, and the domain is demo.safeline.com. You want SafeLine to sit in front and provide security protection.

Key Configuration Fields

• Domain: This is the domain visitors will use to access your site via SafeLine. Default is * (no restriction), but it’s recommended to specify something like demo.safeline.com to limit access.

💡 Remember to update your domain's DNS records to point to the WAF server’s IP address, otherwise traffic won’t pass through SafeLine.

• Port:
  
  The listening port on SafeLine. Use 80 for HTTP or 443 for HTTPS (check the SSL option if using HTTPS).

• Upstream Server:
  
  The original backend web server you want to protect. In our example, set this to http://192.168.1.2:8000.

💡 If you encounter an error like

nginx: [emerg] duplicate listen options for 0.0.0.0:80,

it means the port is already in use. Check if another process like Nginx is occupying the port and resolve the conflict.

• Note: Optional. You can enter a memorable name for the site.

2. Static File Hosting

If you’re hosting a static frontend website (HTML/CSS/JS) and want WAF protection, this is the right mode. No upstream server is needed.

Steps:

• Specify the listening port and domain as needed.
• After the site is created, switch to the Static Resources tab to upload your files.
• You can upload individual files or a .zip package. SafeLine will automatically extract and overwrite the content directory.

3. Redirect to Another Site

This mode is used when you want to redirect traffic from an old domain to a new one.

Example:

Redirect old.safeline.com to new.safeline.com with a 301 permanent redirect.

Test Your Setup

Once configured, access your domain and check if it routes correctly.

Try simulating an attack like an SQL injection and see if it gets blocked. If it does—your WAF is working!

Troubleshooting

How to check if traffic is going through SafeLine?

All traffic passing through SafeLine will include a cookie named sl-session in the response headers. Check for this to confirm.

Port Conflict?

Use tools like lsof or ss to find which process is using the port. Resolve the conflict by stopping or reconfiguring the offending service.

Tengine Keeps Restarting?

If the tengine container keeps restarting, possible causes include:

• Port conflict
• Invalid DNS settings
• Corrupted or invalid configuration

Check logs for errors, or run the reset script to restore defaults:

cd /data/safeline && bash reset_tengine.sh

Final Thoughts

SafeLine offers flexible site deployment modes that work for both traditional and modern web setups. Whether you're proxying, serving static files, or redirecting old domains, the configuration process is simple and intuitive.

Start protecting your site in just a few minutes.

Join the SafeLine Community

• GitHub Repository
• Official Docs
• Discord Community