News

Deploying Free WAF SafeLine Using Docker

stp2y0 Comments
Deploying Free WAF SafeLine Using Docker


With more people setting up private clouds, NAS, home theaters, blogs, and library management systems at home, some of these systems are being exposed to the public internet to enable remote access. In such cases, deploying a Web Application Firewall (WAF) like SafeLine to protect your data is crucial.



System Requirements

Before installing SafeLine, ensure that your system meets the following requirements:

  • Operating System: Linux
  • CPU Architecture: x86_64 with SSSE3 instruction set support
  • Software Dependencies: Docker version 20.10.14 or above, Docker Compose version 2.0.0 or above
  • Minimum Resources: 1 core CPU, 1 GB RAM, 5 GB disk space



How to Check Your System

To verify your system’s compatibility, use the following commands:

  • Check CPU architecture: uname -m
  • View CPU information: cat /proc/cpuinfo | grep "processor"
  • Confirm SSSE3 support: lscpu | grep ssse3
  • Check Docker version: docker version
  • Check Docker Compose version: docker compose version
  • Check old Docker Compose version: docker-compose version
  • View memory information: free -h
  • View disk space: df -h



Download and Install SafeLine

  1. Download the installation package: 
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"
Enter fullscreen mode

Exit fullscreen mode

  1. Upload the package to your server.

  1. Import into Docker: 
   cat image.tar.gz | gzip -d | docker load
Enter fullscreen mode

Exit fullscreen mode

  1. Create SafeLine directory: 
   mkdir -p "/data/safeline"
   cd "/data/safeline"
Enter fullscreen mode

Exit fullscreen mode

  1. Download the compose script: 
   wget https://waf.chaitin.com/release/latest/compose.yaml
Enter fullscreen mode

Exit fullscreen mode

  1. Configure environment variables: 
   cd "/data/safeline"
   touch ".env"
Enter fullscreen mode

Exit fullscreen mode

Set the following variables in your .env file:

   SAFELINE_DIR=/data/safeline
   IMAGE_TAG=latest
   MGT_PORT=9443
   POSTGRES_PASSWORD=password
   SUBNET_PREFIX=172.22.222
   IMAGE_PREFIX=chaitin
Enter fullscreen mode

Exit fullscreen mode

  1. Start SafeLine.

Image description

  1. Login: Access the management interface via your browser at http://<your-ip>:9443.

Image description

  1. Reset the password if necessary.

Image description



Configuring Protection Sites

Image description

If your WAF and the site you want to protect are on the same server, and the protected site is running on port 9900, you can configure SafeLine to listen on port 80, with port 9900 as the upstream service. In this example, the site on port 9900 is a cloud document system.

Image description

After configuration, you only need to access the site via http://<your-ip>:80.



Testing and Monitoring

You can trigger alerts by simulating attack behavior to see how SafeLine responds.

Image description

Check the WAF alerts to confirm that attacks have been intercepted.

Image description



Shutting Down the WAF

Image description

SafeLine’s free version offers protection against common attacks, which should suffice for most users. For advanced users, custom rules can be created for even more effective protection.

Website: https://waf.chaitin.com
GitHub: https://github.com/chaitin/SafeLine



Source link
lol

By stp2y

Leave a Reply

Your email address will not be published. Required fields are marked *

No widgets found. Go to Widget page and add the widget in Offcanvas Sidebar Widget Area.