DEV Community

Lulu
Lulu

Posted on

Strengthen Your Web Security with SafeLine WAF on CentOS7

Introduction to SafeLine WAF

SafeLine Web Application Firewall (WAF) is a simple, user-friendly, and robust free WAF solution.

Built on industry-leading semantic engine detection technology, SafeLine as a reverse proxy to protect your website from hacker attacks. After nearly 10 years of development, Chaitin Technology has crafted this tool with dedication. Its core detection capabilities are driven by intelligent semantic analysis algorithms. With SafeLine, hackers won't be able to breach your defenses.

Key Features

  • Easy To Use: Deployed by Docker, one command can complete the installation. Get started at 0 cost.
  • High Security Efficacy: The world's first NGWAF based on the semantic analysis intelligent algorithm. Naturally against more than 70% of zero-day attacks.
  • High Performance: Average request detection delay at 1 millisecond level. Single core easily detects 2000+ TPS.
  • High Availability: Built-in complete health check mechanism, service availability is as high as 99.99%.

For more details, refer to the official documentation:
SafeLine WAF Documentation.

Deploying and Using SafeLine WAF

1. Install Docker on CentOS7

First, ensure you have Docker installed on your CentOS7 server. You can use a one-click script to complete the Docker installation:

Image description

Image description

2. Create and Enter the SafeLine Installation Directory

Create a directory for SafeLine and navigate into it:

mkdir -p safeline        # Create the safeline directory
cd safeline              # Enter the safeline directory
Enter fullscreen mode Exit fullscreen mode

Download the compose script compose.yaml and upload it to the safeline directory.

Image description

Download Link:

https://waf.chaitin.com/release/latest/compose.yaml
Enter fullscreen mode Exit fullscreen mode
echo "SAFELINE_DIR=$(pwd)" >> .env
echo "IMAGE_TAG=latest" >> .env
echo "MGT_PORT=9443" >> .env
echo "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> .env
echo "REDIS_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> .env
echo "SUBNET_PREFIX=172.22.222" >> .env
Enter fullscreen mode Exit fullscreen mode
docker compose up -d
Enter fullscreen mode Exit fullscreen mode

3.Add SSL Certificates

Image description

Image description

Image description

4.Add Protected Site

Image description

Deploy SafeLine on a Dedicated Device

If you can provide a dedicated device for deploying SafeLine, you need to:

  1. Redirect Website Traffic to SafeLine: Update your DNS settings to point your domain to SafeLine.
  2. Restrict Access on the Web Server: Block all access to your web server except for traffic coming from SafeLine. Configure the firewall to achieve this.

SafeLine Configuration for the Corresponding Site

  • Domain: Public domain name example.com
  • Port: 80 or 443/ssl
  • Upstream Server: Address of the web server http://192.168.10.10

Open Corresponding Ports on the Firewall
Make sure to open the necessary ports on your firewall:

firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --reload
Enter fullscreen mode Exit fullscreen mode

5.Configure Domain Resolution

Ensure your site's domain points to the WAF:

Image description

Image description

6.Testing WAF Interception Capabilities

To ensure that SafeLine WAF is properly intercepting attacks, you can simulate common web attacks such as SQL injection and XSS.

  • Simulate SQL Injection
   http://<IP-or-domain>:<port>/?id=1%20AND%201=1
Enter fullscreen mode Exit fullscreen mode
  • Simulate XSS
   http://<IP-or-domain>:<port>/?html=<script>alert(1)</script>
Enter fullscreen mode Exit fullscreen mode

When you visit URLs, you should see that SafeLine has detected and blocked the attack requests.

Image description

Image description

7.Automated Testing of WAF Protection

You can use the BlazeHTTP tool to automate the testing of SafeLine WAF's protection capabilities.

https://github.com/chaitin/blazehttp/releases
blazehttp_0.0.3_linux_amd64.zip

chmod 777 blazehttp
./blazehttp -t https://your-waf-site.com -g './testcases/*/*.http'
Enter fullscreen mode Exit fullscreen mode

By running these commands, BlazeHTTP will execute a series of test cases.

Image description

8.Protection Effectiveness

Image description

Image description

Top comments (0)