SafeLine is a free and open source Web Application Firewall (WAF) developed by Chaitin Tech. Itโs lightweight, powerful, and offers enterprise-grade protection against a wide range of attacks โ SQLi, XSS, RCE, SSRF, Path Traversal, and more.
๐ Quick Deployment with Docker
mkdir -p "/data/safeline"
cd "/data/safeline"
wget "https://waf-ce.chaitin.cn/release/latest/compose.yaml"
# Edit environment variables
vi .env
.env sample:
SAFELINE_DIR=/data/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=yourpassword
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline
ARCH_SUFFIX=
RELEASE=
REGION=
Start SafeLine:
docker compose up -d
๐ How It Works
Without SafeLine:
User โ Web Server
With SafeLine:
User โ SafeLine (reverse proxy) โ Web Server
Just like Nginx, it sits in front of your app and inspects every request.
๐งโ๐ป Admin Console
# Reset admin password
docker exec safeline-mgt resetadmin
Access the console at:
https://<your-ip>:9443
๐ Add Sites & Free HTTPS Certificates
- Go to
ApplicationsโAdd Application - Forward port
80and443to your backend service - Works like a transparent reverse proxy
- Supports Let's Encrypt with auto-renew โ just enter the domain!
Bonus: Enable Auto HTTP to HTTPS redirect under Global Config.
๐ก๏ธ Protection Modes
Choose your site's defense level:
- Defense: Block all attacks
- Audited: Only log suspicious behavior
- Offline: Show a maintenance page
A session ID sl-session is injected for tracking.
๐ Join the Community
- ๐ GitHub Repository
- ๐ Official Docs
- ๐ฌ Discord Community
Stay tuned for Part 2, where we test SafeLine with real attack payloads and benchmark it against Cloudflare, ModSecurity, and others.
Top comments (0)