In today’s digital landscape, ensuring the security of your web applications is paramount. SafeLine, a Web Application Firewall (WAF) developed by Chaitin Technology, offers robust protection by filtering and monitoring HTTP traffic to and from your web application. In this guide, we’ll walk through the installation, configuration, and testing of SafeLine WAF to help you secure your web environment.
1. Installing SafeLine WAF on Linux
To get started with SafeLine, you’ll need a Linux system with Docker and Docker Compose pre-installed. Once your environment is ready, execute the following command to install SafeLine WAF:
bash -c "$(curl -fsSLk https://waf.chaitin.com/release/latest/setup.sh)"
The default installation path is /data/safeline
.
2. Accessing the SafeLine Management Interface
After installation, you can access SafeLine via your browser by navigating to the default port 9443
. Log in with your credentials, and you’ll be greeted with the management interface where you can begin configuring your WAF settings.
3. Basic Configuration
SafeLine operates primarily as a reverse proxy, similar to Nginx. This setup means that all incoming traffic is routed through SafeLine before reaching your web server, allowing it to inspect and filter potentially harmful requests.
- Go to the Web Services section, click Add Web Service to add your website to the WAF.
- Configure the necessary details, such as the domain and ports, to ensure traffic is properly routed through SafeLine.
4. Testing SafeLine WAF Protection
Once your site is configured, it’s crucial to test whether SafeLine is effectively protecting your web application.
Step 1: Perform a SQL Injection Test
A simple way to test the WAF’s protection is by crafting a SQL injection payload:
https://myon6.blog.csdn.net/?id=1%20AND%201=1
This should be intercepted by SafeLine, blocking the request. However, if you notice that there are no logs of this interception, the issue might be that the traffic was blocked by another WAF (like CSDN’s) before reaching SafeLine.
Step 2: Proper Testing Setup
To accurately test SafeLine, it’s essential to ensure that SafeLine is installed directly on the server hosting the website. If SafeLine is installed on server A, it will only protect sites hosted on server A. For testing:
- Set up a virtual machine (VM) with Apache to simulate a web server.
- Add this site to SafeLine and configure the port SafeLine will use to monitor traffic.
Port Configuration:
The port you configure in SafeLine is crucial. For example, if SafeLine is set to monitor port 8080
, but your website is accessed via port 80
, the WAF will not intercept traffic. You must access the site via the port SafeLine is monitoring (e.g., 8080
).
Here’s a common scenario:
- Apache is running on port
80
. - SafeLine is configured to monitor port
8080
. - Access the site via
http://yourdomain:8080
to ensure SafeLine filters the traffic.
If port 80
is in use, you’ll need to either stop the service using it or configure SafeLine to use a different port.
5. Monitoring and Logs
SafeLine provides detailed logs that allow you to monitor intercepted traffic. You can review these logs to understand the types of attacks being blocked and analyze the traffic patterns.
Use docker ps
to view the running Docker containers related to SafeLine.
These containers must remain active to maintain continuous protection. For long-term use, deploying SafeLine on a public server (e.g., a cloud server) is recommended to ensure uninterrupted service.
6. Additional Considerations
- Network Setup: SafeLine must be installed on the same server as your website to monitor and protect its traffic effectively. If your WAF is on server A, it can’t protect sites on server B unless both are within the same local network.
- Server Uptime: Ensure that the server running SafeLine is always on to maintain continuous protection. If you’re testing on a VM and it’s turned off, the WAF will no longer function.
Conclusion
SafeLine WAF offers a powerful and flexible solution for securing web applications against a variety of threats. By following this guide, you’ll have a fully operational WAF that not only protects your sites but also provides insights through detailed logs. Whether you’re safeguarding a small blog or a large enterprise application, SafeLine is a critical tool in your cybersecurity arsenal.
Source link
lol