{"id":13466075,"url":"https://github.com/chaitin/SafeLine","last_synced_at":"2025-03-25T21:31:13.046Z","repository":{"id":152881398,"uuid":"626896474","full_name":"chaitin/SafeLine","owner":"chaitin","description":"SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.","archived":false,"fork":false,"pushed_at":"2025-03-25T07:40:57.000Z","size":80004,"stargazers_count":15919,"open_issues_count":32,"forks_count":965,"subscribers_count":86,"default_branch":"main","last_synced_at":"2025-03-25T08:53:54.887Z","etag":null,"topics":["api-gateway","application-security","appsec","blueteam","bruteforce","captcha","cve","cybersecurity","firewall","hackers","http-flood","security","self-hosted","sql-injection","vulnerability","waf","web-application-firewall","web-security","websecurity","xss"],"latest_commit_sha":null,"homepage":"https://waf.chaitin.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chaitin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-12T11:30:14.000Z","updated_at":"2025-03-25T08:35:57.000Z","dependencies_parsed_at":"2023-11-21T05:32:21.263Z","dependency_job_id":"20818f96-6b77-4061-8bd3-e1d25704bb10","html_url":"https://github.com/chaitin/SafeLine","commit_stats":{"total_commits":687,"total_committers":32,"mean_commits":21.46875,"dds":0.8136826783114992,"last_synced_commit":"c3f064fa4c13793a39b5d8a0a7012fe8260ca691"},"previous_names":[],"tags_count":108,"template":false,"template_full_name":null,"repository_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chaitin%2FSafeLine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chaitin%2FSafeLine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chaitin%2FSafeLine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chaitin%2FSafeLine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chaitin","download_url":"https://codeload.github.com/chaitin/SafeLine/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245495864,"owners_count":20624808,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-gateway","application-security","appsec","blueteam","bruteforce","captcha","cve","cybersecurity","firewall","hackers","http-flood","security","self-hosted","sql-injection","vulnerability","waf","web-application-firewall","web-security","websecurity","xss"],"created_at":"2024-07-31T15:00:38.862Z","updated_at":"2025-03-25T21:31:13.039Z","avatar_url":"https://github.com/chaitin.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"/images/banner.png\" width=\"400\" /\u003e\n\u003c/p\u003e\n\n\u003ch4 align=\"center\"\u003e\n  SafeLine - Make your web apps secure\n\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca target=\"_blank\" href=\"https://waf.chaitin.com/\"\u003e🏠 Website\u003c/a\u003e \u0026nbsp; | \u0026nbsp;\n  \u003ca target=\"_blank\" href=\"https://docs.waf.chaitin.com/\"\u003e📖 Docs\u003c/a\u003e \u0026nbsp; | \u0026nbsp;\n  
\u003ca target=\"_blank\" href=\"https://demo.waf.chaitin.com:9443/\"\u003e🔍 Live Demo\u003c/a\u003e \u0026nbsp; | \u0026nbsp;\n  \u003ca target=\"_blank\" href=\"https://discord.gg/SVnZGzHFvn\"\u003e🙋‍♂️ Discord\u003c/a\u003e \u0026nbsp; | \u0026nbsp;\n  \u003ca target=\"_blank\" href=\"/README_CN.md\"\u003e中文版\u003c/a\u003e\n\u003c/p\u003e\n\n## 👋 INTRODUCTION\n\nSafeLine is a self-hosted **`WAF(Web Application Firewall)`** to protect your web apps from attacks and exploits.\n\nA web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as `SQL injection`, `XSS`, `code injection`, `os command injection`, `CRLF injection`, `ldap injection`, `xpath injection`, `RCE`, `XXE`, `SSRF`, `path traversal`, `backdoor`, `bruteforce`, `http-flood`, `bot abused`, among others.\n\n#### 💡 How It Works\n\n\u003cimg src=\"/images/how-it-works.png\" width=\"800\" /\u003e\n\nBy deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.\n\nA WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe. 
Just as a proxy server acts as an intermediary to protect the identity of a client, a WAF operates in a similar fashion, but acts as a reverse proxy intermediary that protects the web app server from a potentially malicious client.\n\nIts core capabilities include:\n\n- Defenses for web attacks\n- Proactive bot abuse defense\n- HTML \u0026 JS code encryption\n- IP-based rate limiting\n- Web Access Control List\n\n#### ⚡️ Screenshots\n\n| \u003cimg src=\"./images/screenshot-1.png\" width=370 /\u003e | \u003cimg src=\"./images/screenshot-2.png\" width=370 /\u003e |\n| ------------------------------------------------- | ------------------------------------------------- | \n| \u003cimg src=\"./images/screenshot-3.png\" width=370 /\u003e | \u003cimg src=\"./images/screenshot-4.png\" width=370 /\u003e | \n\nGet [Live Demo](https://demo.waf.chaitin.com:9443/)\n\n## 🔥 FEATURES\n\nThe main features are as follows:\n\n- **`Block Web Attacks`**\n  - It defends against all web attacks, such as `SQL injection`, `XSS`, `code injection`, `os command injection`, `CRLF injection`, `XXE`, `SSRF`, `path traversal` and so on.\n- **`Rate Limiting`**\n  - Defend your web apps against `DoS attacks`, `bruteforce attempts`, `traffic surges`, and other types of abuse by throttling traffic that exceeds defined limits.\n- **`Anti-Bot Challenge`**\n  - Anti-Bot challenges protect your website from `bot attacks`: human users will be allowed, while crawlers and bots will be blocked.\n- **`Authentication Challenge`**\n  - When the authentication challenge is turned on, visitors need to enter the password; otherwise they will be blocked.\n- **`Dynamic Protection`**\n  - When dynamic protection is turned on, the HTML and JS code on your web server will be dynamically encrypted each time you visit.\n\n#### 🧩 Showcases\n\n|                               | Legitimate User                                     | Malicious User                                                   |\n| ----------------------------- | 
--------------------------------------------------- | ---------------------------------------------------------------- | \n| **`Block Web Attacks`**       | \u003cimg src=\"./images/skeleton.png\" width=270 /\u003e       | \u003cimg src=\"./images/blocked-for-attack-detected.png\" width=270 /\u003e |\n| **`Rate Limiting`**           | \u003cimg src=\"./images/skeleton.png\" width=270 /\u003e       | \u003cimg src=\"./images/blocked-for-access-too-fast.png\" width=270 /\u003e |\n| **`Anti-Bot Challenge`**       | \u003cimg src=\"./images/captcha-1.gif\" width=270 /\u003e      | \u003cimg src=\"./images/captcha-2.gif\" width=270 /\u003e                     |\n| **`Auth Challenge`**          | \u003cimg src=\"./images/auth-1.gif\" width=270 /\u003e         | \u003cimg src=\"./images/auth-2.gif\" width=270 /\u003e                        |\n| **`HTML Dynamic Protection`** | \u003cimg src=\"./images/dynamic-html-1.png\" width=270 /\u003e | \u003cimg src=\"./images/dynamic-html-2.png\" width=270 /\u003e              |\n| **`JS Dynamic Protection`**   | \u003cimg src=\"./images/dynamic-js-1.png\" width=270 /\u003e   | \u003cimg src=\"./images/dynamic-js-2.png\" width=270 /\u003e                | \n\n## 🚀 Quickstart\n\n\u003e [!WARNING]\n\u003e Users in mainland China who install the international edition may be unable to connect to the cloud service; please see the [Chinese installation guide](https://docs.waf-ce.chaitin.cn/zh/%E4%B8%8A%E6%89%8B%E6%8C%87%E5%8D%97/%E5%AE%89%E8%A3%85%E9%9B%B7%E6%B1%A0)\n\n#### 📦 Installing\n\nInformation on how to install SafeLine can be found in the [Install Guide](https://docs.waf.chaitin.com/en/tutorials/install)\n\n#### ⚙️ Protecting Web Apps\n\nSee [Configuration](https://docs.waf.chaitin.com/en/tutorials/Configuration)\n\n## 📋 More Information\n\n#### Effect Evaluation\n\n| Metric            | ModSecurity, Level 1 | CloudFlare, Free     | SafeLine, Balance      | SafeLine, Strict      |\n| ----------------- | -------------------- | -------------------- | ---------------------- | --------------------- |\n| Total Samples     | 33669               
 | 33669                | 33669                  | 33669                 |\n| **Detection**     | 69.74%               | 10.70%               | 71.65%                 | **76.17%**            |\n| **False Positive**| 17.58%               | 0.07%                | **0.07%**              | 0.22%                 |\n| **Accuracy**      | 82.20%               | 98.40%               | **99.45%**             | 99.38%                |\n\n\n#### Is SafeLine Production-Ready?\n\nYes, SafeLine is production-ready.\n\n- Over 180,000 installations worldwide\n- Protecting over 1,000,000 Websites\n- Handling over 30,000,000,000 HTTP Requests Daily\n\n#### 🙋‍♂️ Community\n\nJoin our [Discord](https://discord.gg/SVnZGzHFvn) to get community support, the core team members are identified by the STAFF role in Discord.\n\n- channel [#feedback](https://discord.com/channels/1243085666485534830/1243120292822253598): for new features discussion.\n- channel [#FAQ](https://discord.com/channels/1243085666485534830/1263761679619981413): for FAQ.\n- channel [#general](https://discord.com/channels/1243085666485534830/1243115843919806486): for any other questions.\n\nSeveral contact options exist for our community, the primary one being Discord. 
These are in addition to GitHub issues for creating a new issue.\n\n\u003cp align=\"left\"\u003e\n  \u003ca target=\"_blank\" href=\"https://discord.gg/SVnZGzHFvn\"\u003e\u003cimg src=\"https://img.shields.io/badge/Discord-5865F2?style=flat\u0026logo=discord\u0026logoColor=white\"\u003e\u003c/a\u003e \u0026nbsp;\n  \u003ca target=\"_blank\" href=\"https://x.com/safeline_waf\"\u003e\u003cimg src=\"https://img.shields.io/badge/X.com-000000?style=flat\u0026logo=x\u0026logoColor=white\"\u003e\u003c/a\u003e \u0026nbsp;\n  \u003ca target=\"_blank\" href=\"/images/wechat.png\"\u003e\u003cimg src=\"https://img.shields.io/badge/WeChat-07C160?style=flat\u0026logo=wechat\u0026logoColor=white\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n#### 💪 PRO Edition\n\nComing soon!\n\n#### 📝 License\n\nSee [LICENSE](/LICENSE.md) for details.\n","funding_links":[],"categories":["Go","self-hosted","Table of Contents","🏢 Companies \u0026 Solutions","Web安全","\u003ca name=\"Go\"\u003e\u003c/a\u003eGo"],"sub_categories":["Firewall","🔐 AI Content Security \u0026 Safeguards"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchaitin%2FSafeLine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchaitin%2FSafeLine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchaitin%2FSafeLine/lists"}