
Saturday, 31 August 2024

SafeLine, a WAF program

 

Serves as a reverse proxy to protect your web services from attacks and exploits.

waf.chaitin.com 

SafeLine - Make your web apps secure


👋 INTRODUCTION

SafeLine is a self-hosted WAF (Web Application Firewall) to protect your web apps from attacks and exploits.

A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, OS command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoors, brute force, HTTP floods, and bot abuse, among others.

💡 How It Works

By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.

A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe. Just as a proxy server acts as an intermediary to protect the identity of a client, a WAF operates in a similar fashion, but as a reverse-proxy intermediary that protects the web app server from a potentially malicious client.

Its core capabilities include:

  • Defenses for web attacks
  • Proactive bot abuse defense
  • HTML & JS code encryption
  • IP-based rate limiting
  • Web Access Control List


FEATURES

The main features are as follows:

  • Block Web Attacks
    • Defends against all kinds of web attacks, such as SQL injection, XSS, code injection, OS command injection, CRLF injection, XXE, SSRF, path traversal and so on.
  • Rate Limiting
    • Defend your web apps against DoS attacks, brute-force attempts, traffic surges, and other types of abuse by throttling traffic that exceeds defined limits.
  • Anti-Bot Challenge
    • Anti-Bot challenges protect your website from bot attacks: human users are allowed, while crawlers and bots are blocked.
  • Authentication Challenge
    • When the authentication challenge is turned on, visitors need to enter the password; otherwise they are blocked.
  • Dynamic Protection
    • When dynamic protection is turned on, the HTML and JS code served by your web server is dynamically encrypted on each visit.

    Quickstart

    Warning

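    Users in mainland China who install the international version may be unable to connect to the cloud services; please see the Chinese installation documentation.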

    📦 Installing

    Information on how to install SafeLine can be found in the Install Guide

    ⚙️ Protecting Web Apps

    See Configuration

    Is SafeLine Production-Ready?

    Yes, SafeLine is production-ready.

  • Over 180,000 installations worldwide
  • Protecting over 1,000,000 Websites
  • Handling over 30,000,000,000 HTTP Requests Daily

🙋‍♂️ Community

Join our Discord to get community support. Core team members are identified by the STAFF role in Discord.

  • channel #feedback: for new features discussion.
  • channel #FAQ: for FAQ.
  • channel #general: for any other questions.

Several contact options exist for our community, the primary one being Discord. These are in addition to GitHub issues for creating a new issue.

   

  •  from https://github.com/chaitin/SafeLine

    (https://docs.waf.chaitin.com/)

    -----------------------------------------------------

    Install SafeLine

    To set up a SafeLine instance, follow our getting started guide.

    Dependencies

    Minimum configuration requirements

    Dependency               | Value
    Operating system         | Linux
    Instruction architecture | x86_64
    Software dependency      | Docker version 20.10.14 or above
    Software dependency      | Docker Compose version 2.0.0 or above
    Minimum environment      | 1 core CPU / 1 GB memory / 5 GB disk

    You can execute the following commands to confirm the server configuration:

    uname -m                                # view instruction architecture
    docker version                          # view Docker version
    docker compose version                  # view Docker Compose version
    grep "processor" /proc/cpuinfo          # view CPU info
    free -h                                 # view memory info
    df -h                                   # view disk info
    lscpu | grep ssse3                      # check for the CPU SSSE3 instruction set

    Deploy

    Automatic Deploy

    Recommended.

    Use the following command to start the automated installation of SafeLine. (This process requires root privileges)

    bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"

    Once the command has finished, the installation is complete. Go directly to Use Web UI.

    Manual Deploy
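The one-liner above runs a remote script as root, and curl's -k flag turns off TLS certificate verification for that download. As an added example (not part of the SafeLine docs), the functions below fetch the same script with verification on and run it only when its SHA-256 matches a digest recorded after reviewing it; the function names and the pinned-digest workflow are assumptions of this example.

```shell
#!/bin/sh
# Added example: download the installer over verified TLS, pin it by SHA-256,
# and run it only if the digest matches a copy that has been reviewed.
INSTALLER_URL="https://waf.chaitin.com/release/latest/setup.sh"  # URL from the page

# Download to a file. No -k, so curl validates the server certificate;
# redirects are restricted to HTTPS as well.
fetch_installer() {   # $1 = destination path
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' --tlsv1.2 \
         --output "$1" "$INSTALLER_URL"
}

# Print the hex SHA-256 digest of a file.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 only when the file exists, is non-empty and matches the pinned digest.
verify_installer() {  # $1 = file, $2 = expected sha256 (recorded after review)
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 2; }
    actual=$(file_sha256 "$1")
    if [ "$actual" != "$2" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
}

# Run the reviewed installer as root, and only after verification succeeds.
run_verified_installer() {  # $1 = file, $2 = expected sha256
    verify_installer "$1" "$2" && sudo bash "$1"
}

# Typical sequence (not executed here):
#   fetch_installer ./setup.sh
#   less ./setup.sh                      # read what will run as root
#   file_sha256 ./setup.sh               # record this digest
#   run_verified_installer ./setup.sh <recorded-digest>
```

Because the URL points at the latest release, the recorded digest has to be refreshed, and the script re-read, whenever a new version is published.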

    Install Docker

    Install the latest version of Docker.

    If you already have Docker installed, please skip this step.

    curl -sSL "https://get.docker.com/" | bash

    Create SafeLine Directory

    Create a directory for SafeLine to use. SafeLine will write its configuration and data to this directory. (You need at least 5 GB of disk space.)

    mkdir -p "/data/safeline"

    Docker Compose Script

    Download the latest docker compose script by using the following command.

    cd "/data/safeline"
    wget "https://waf.chaitin.com/release/latest/compose.yaml"

    Write Environment variables

    cd "/data/safeline"
    touch ".env"

    Write the following content in the ".env" file

    SAFELINE_DIR=/data/safeline
    IMAGE_TAG=latest
    MGT_PORT=9443
    POSTGRES_PASSWORD={postgres-password}
    SUBNET_PREFIX=172.22.222
    IMAGE_PREFIX=chaitin

    NOTE: Replace the placeholders in the file

  • SAFELINE_DIR: the SafeLine directory created above, e.g. /data/safeline
  • IMAGE_TAG: SafeLine version to be used
  • MGT_PORT: Web console port to be used
  • POSTGRES_PASSWORD: Postgres db initialization password
  • SUBNET_PREFIX: SafeLine internal network communication address prefix
  • IMAGE_PREFIX: Image repository prefix
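One way to fill in the ".env" file without a hand-typed password, as an added example that is not from the SafeLine docs: it writes the keys listed above with a random POSTGRES_PASSWORD and owner-only file permissions. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: create SafeLine's .env with a random Postgres password and
# 0600 permissions. Keys and default values are the ones shown on the page.

# Generate a 32-character alphanumeric password from the kernel CSPRNG.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32
}

write_safeline_env() {  # $1 = SafeLine directory, e.g. /data/safeline
    dir=$1
    env_file="$dir/.env"
    # Refuse to overwrite, so a password that is already in use is not replaced.
    if [ -e "$env_file" ]; then
        echo "$env_file already exists, not overwriting" >&2
        return 1
    fi
    old_umask=$(umask)
    umask 077            # the file is created 0600 and is never world-readable
    cat > "$env_file" <<EOF
SAFELINE_DIR=$dir
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=$(gen_password)
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=chaitin
EOF
    umask "$old_umask"
}

# Usage (not executed here):
#   write_safeline_env /data/safeline
```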

Launch SafeLine

Everything is ready to start the SafeLine service.

This process may take several minutes, so don't worry.

docker compose up -d

Use Web UI

Open the web console page https://<safeline-ip>:9443/ in the browser.

Get Administrator Account

docker exec safeline-mgt resetadmin

After the command has executed successfully, you will see the following output.

Be sure to remember this output.

[SafeLine] Initial username:admin
[SafeLine] Initial password:**********
[SafeLine] Done

Login

Enter the password from the previous step to log in to SafeLine.

Uninstallation

If you are sure you no longer want to use SafeLine, follow the steps below to completely uninstall it.

  1. Enter the SafeLine directory:
     cd <safeline-directory>
  2. Execute the following command to stop SafeLine:
     docker compose down
  3. Execute the following command to remove SafeLine data:
     rm -rf <safeline-directory>

FAQ

See Install Question

  •  from https://docs.waf.chaitin.com/en/tutorials/install

     

     

     

 

 

 
