CodeNewbie Community 🌱

Sharon428931
Sharon428931

Posted on

Which Free WAF Performs Best? SafeLine vs Cloudflare vs ModSecurity

#webdev #waf #safeline #beginners

BlazeHTTP

BlazeHTTP stands as a user-friendly WAF protection efficacy evaluation tool.

  • πŸ“¦ Abundant Samples: Currently, a total of 33669 samples are available, with continuous updates in progress...
  • πŸš€ No Configuration Required: Offers both a GUI and a command-line version, facilitating direct downloads of precompiled versions through Releases, or the option to clone the code and compile locally.
  • πŸ“– Exportable Reports: Generates comprehensive reports on the execution results of all samples, including sample attributes, execution time, status codes, interception status, and more.

Testing Metrics

Metric Description Calculation Method
Detection Rate Reflects the comprehensiveness of WAF detection capabilities, indicating "missed detections" if none are found. Number of attack sample interceptions
False Positive Rate Reflects interference with normal traffic, unreliable results being deemed "false positives". Number of normal sample interceptions
Accuracy The accuracy metric combines detection and false positive rates, preventing undue focus on either missed detections or false positives.
Detection Timing Reflects WAF performance, with greater time consumption indicating poorer performance.

Sample Instances 

# Normal sample: testcases/00/02/5ebf56a710da27b73a9ad59219f0.white
GET /rc-virtual-list@3.5.2/lib/hooks/useHeights.js HTTP/1.1
Host: npm.staticblitz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Accept: */*
Origin: https://stackblitz.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://stackblitz.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7

# Malicious sample: testcases/8a/36/0bbc7685860c526e33f3cbd83f9c.black
GET /vulnerabilities/sqli_blind/?id=1%27+or+%27%27%3D%27&Submit=Submit HTTP/1.1
Host: 10.10.3.128
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://10.10.3.128/vulnerabilities/sqli_blind/?id=1%27+and+%27%27%3D%27&Submit=Submit
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
Enter fullscreen mode Exit fullscreen mode

SafeLine vs CloudFlare

Metric CloudFlare, Free Version SafeLine, Free Version, Balance Mode SafeLine, Free Version, Strict Mode
Total Samples 33669 33669 33669
Successful 33350 33669 33669
Errors 319 0 0
Detection Rate (higher is better) 10.70% (Total Malicious Samples: 570, Correctly Intercepted: 61, Missed Detections: 509) 71.65% (Total Malicious Samples: 575, Correctly Intercepted: 412, Missed Detections: 163) πŸš€ 76.17% (Total Malicious Samples: 575, Correctly Intercepted: 438, Missed Detections: 137)
False Positive Rate (lower is better) 0.07% (Total Normal Samples: 32780, Correctly Passed: 32757, False Positives: 23) πŸš€ 0.07% (Total Normal Samples: 33094, Correctly Passed: 33071, False Positives: 23) 0.22% (Total Normal Samples: 33094, Correctly Passed: 33021, False Positives: 73)
Accuracy (higher is better) 98.40% (Correct Interceptions + Correct Passes) / Total Samples πŸš€ 99.45% (Correct Interceptions + Correct Passes) / Total Samples 99.38% (Correct Interceptions + Correct Passes) / Total Samples
Average Time 288.96 milliseconds 70.05 milliseconds 64.34 milliseconds

SafeLine vs ModSecurity

Metric ModSecurity, PARANOIA Level 1 ModSecurity, PARANOIA Level 4 SafeLine, Free Version, Balance Mode SafeLine, Free Version, Strict Mode
Total Samples 33669 33669 33669 33669
Successful 33669 33669 33669 33669
Errors 0 0 0 0
Detection Rate (higher is better) 69.74% (Total Malicious Samples: 575, Correctly Intercepted: 401, Missed Detections: 174) πŸš€ 94.61% (Total Malicious Samples: 575, Correctly Intercepted: 544, Missed Detections: 31) 71.65% (Total Malicious Samples: 575, Correctly Intercepted: 412, Missed Detections: 163) 76.17% (Total Malicious Samples: 575, Correctly Intercepted: 438, Missed Detections: 137)
False Positive Rate (lower is better) 17.58% (Total Normal Samples: 33094, Correctly Passed: 27275, False Positives: 5819) 52.46% (Total Normal Samples: 33094, Correctly Passed: 15732, False Positives: 17362) πŸš€ 0.07% (Total Normal Samples: 33094, Correctly Passed: 33071, False Positives: 23) 0.22% (Total Normal Samples: 33094, Correctly Passed: 33021, False Positives: 73)
Accuracy (higher is better) 82.20% (Correct Interceptions + Correct Passes) / Total Samples 48.34% (Correct Interceptions + Correct Passes) / Total Samples πŸš€ 99.45% (Correct Interceptions + Correct Passes) / Total Samples 99.38% (Correct Interceptions + Correct Passes) / Total Samples
Average Time 31.15 milliseconds 28.89 milliseconds 70.05 milliseconds 64.34 milliseconds

🀝 Join the Community

Interested in discussing bot protection strategies? Join the SafeLine WAF community:

Top comments (0)

Read next

farhakousar16 profile image

Explore "The Data Science Sandwich"

Farha kousar -

windmillcode profile image

LibTracker Updates 5/12/25: Simplifying Dependency Management for Developers

Windmillcode -

windmillcode profile image

LibTracker VS Code Extension: Streamline Your Dependency Management

Windmillcode -

montasser profile image

The PHP Elvis Operator (?:) Explained

Montasser -