Why SafeLine Might Be the Best Open Source WAF You Haven’t Tried Yet

SafeLine is a free and open source Web Application Firewall (WAF) developed by Chaitin Tech. It’s lightweight, powerful, and offers enterprise-grade protection against a wide range of attacks — SQLi, XSS, RCE, SSRF, Path Traversal, and more.

---

🚀 Quick Deployment with Docker

mkdir -p "/data/safeline"
cd "/data/safeline"
wget "https://waf-ce.chaitin.cn/release/latest/compose.yaml"

# Edit environment variables
vi .env

.env sample:

SAFELINE_DIR=/data/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=yourpassword
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline
ARCH_SUFFIX=
RELEASE=
REGION=

Start SafeLine:

docker compose up -d

---

🔒 How It Works

Without SafeLine:

User → Web Server

With SafeLine:

User → SafeLine (reverse proxy) → Web Server

Just like Nginx, it sits in front of your app and inspects every request.

---

🧑‍💻 Admin Console

# Reset admin password
docker exec safeline-mgt resetadmin

Access the console at:
https://<your-ip>:9443

---

🌐 Add Sites & Free HTTPS Certificates

• Go to Applications → Add Application

• Forward port 80 and 443 to your backend service

• Works like a transparent reverse proxy

• Supports Let's Encrypt with auto-renew — just enter the domain!

Bonus: Enable Auto HTTP to HTTPS redirect under Global Config.

---

🛡️ Protection Modes

Choose your site's defense level:

• Defense: Block all attacks

• Audited: Only log suspicious behavior

• Offline: Show a maintenance page

A session ID sl-session is injected for tracking.

---

🌍 Join the Community

• 🌐 [GitHub Repository] (https://github.com/chaitin/safeline)

• 📚 [Official Docs] (https://docs.waf.chaitin.com/)

• 💬 [Discord Community] (https://discord.gg/dy3JT7dkmY)

---

Stay tuned for Part 2, where we test SafeLine with real attack payloads and benchmark it against Cloudflare, ModSecurity, and others.