chaitin / SafeLine
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
AI Architecture Analysis
This repository is indexed by RepoMind. By analyzing chaitin/SafeLine in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.
Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.
Embed this Badge
Showcase RepoMind's analysis directly in your repository's README.
Repository Summary (README)
Preview๐ INTRODUCTION
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits.
A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, ldap injection, xpath injection, RCE, XXE, SSRF, path traversal, backdoor, bruteforce, http-flood, bot abused, among others.
๐ก How It Works
<img src="/images/how-it-works.png" width="800" />By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machineโs identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.
A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe. Just as a proxy server acts as an intermediary to protect the identity of a client, a WAF operates in similar fashion but acting as a reverse proxy intermediary that protects the web app server from a potentially malicious client.
its core capabilities include:
- Defenses for web attacks
- Proactive bot abused defense
- HTML & JS code encryption
- IP-based rate limiting
- Web Access Control List
โก๏ธ Screenshots
| <img src="./images/screenshot-1.png" width=370 /> | <img src="./images/screenshot-2.png" width=370 /> |
|---|---|
| <img src="./images/screenshot-3.png" width=370 /> | <img src="./images/screenshot-4.png" width=370 /> |
Get Live Demo
๐ฅ FEATURES
List of the main features as follows:
Block Web Attacks- It defenses for all of web attacks, such as
SQL injection,XSS,code injection,os command injection,CRLF injection,XXE,SSRF,path traversaland so on.
- It defenses for all of web attacks, such as
Rate Limiting- Defend your web apps against
DoS attacks,bruteforce attempts,traffic surges, and other types of abuse by throttling traffic that exceeds defined limits.
- Defend your web apps against
Anti-Bot Challenge- Anti-Bot challenges to protect your website from
bot attacks, humen users will be allowed, crawlers and bots will be blocked.
- Anti-Bot challenges to protect your website from
Authentication Challenge- When authentication challenge turned on, visitors need to enter the password, otherwise they will be blocked.
Dynamic Protection- When dynamic protection turned on, html and js codes in your web server will be dynamically encrypted by each time you visit.
๐งฉ Showcases
| Legitimate User | Malicious User | |
|---|---|---|
Block Web Attacks | <img src="./images/skeleton.png" width=270 /> | <img src="./images/blocked-for-attack-detected.png" width=270 /> |
Rate Limiting | <img src="./images/skeleton.png" width=270 /> | <img src="./images/blocked-for-access-too-fast.png" width=270 /> |
Anti-Bot Challenge | <img src="./images/captcha-1.gif" width=270 /> | <img src="./images/captcha-2.gif" width=270 /> |
Auth Challenge | <img src="./images/auth-1.gif" width=270 /> | <img src="./images/auth-2.gif" width=270 /> |
HTML Dynamic Protection | <img src="./images/dynamic-html-1.png" width=270 /> | <img src="./images/dynamic-html-2.png" width=270 /> |
JS Dynamic Protection | <img src="./images/dynamic-js-1.png" width=270 /> | <img src="./images/dynamic-js-2.png" width=270 /> |
๐ Quickstart
[!WARNING] ไธญๅฝๅคง้็จๆทๅฎ่ฃ ๅฝ้ ็ๅฏ่ฝไผๅฏผ่ดๆ ๆณ่ฟๆฅไบๆๅก๏ผ่ฏทๆฅ็ ไธญๆ็ๅฎ่ฃ ๆๆกฃ
๐ฆ Installing
Information on how to install SafeLine can be found in the Install Guide
โ๏ธ Protecting Web Apps
to see Configuration
๐ More Informations
Effect Evaluation
| Metric | ModSecurity, Level 1 | CloudFlare, Free | SafeLine, Balance | SafeLine, Strict |
|---|---|---|---|---|
| Total Samples | 33669 | 33669 | 33669 | 33669 |
| Detection | 69.74% | 10.70% | 71.65% | 76.17% |
| False Positive | 17.58% | 0.07% | 0.07% | 0.22% |
| Accuracy | 82.20% | 98.40% | 99.45% | 99.38% |
Is SafeLine Production-Ready?
Yes, SafeLine is production-ready.
- Over 180,000 installations worldwide
- Protecting over 1,000,000 Websites
- Handling over 30,000,000,000 HTTP Requests Daily
๐โโ๏ธ Community
Join our Discord to get community support, the core team members are identified by the STAFF role in Discord.
- channel #feedback: for new features discussion.
- channel #FAQ: for FAQ.
- channel #general: for any other questions.
Several contact options exist for our community, the primary one being Discord. These are in addition to GitHub issues for creating a new issue.
<p align="left"> <a target="_blank" href="https://discord.gg/SVnZGzHFvn"><img src="https://img.shields.io/badge/Discord-5865F2?style=flat&logo=discord&logoColor=white"></a> <a target="_blank" href="https://x.com/safeline_waf"><img src="https://img.shields.io/badge/X.com-000000?style=flat&logo=x&logoColor=white"></a> <a target="_blank" href="/images/wechat.png"><img src="https://img.shields.io/badge/WeChat-07C160?style=flat&logo=wechat&logoColor=white"></a> </p>๐ช PRO Edition
Coming soon!
๐ License
See LICENSE for details.