https://github.com/chaitin/safeline

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it operates as a reverse proxy to protect your website from hacker attacks.
https://github.com/chaitin/safeline

acl captcha cc docker firewall http-flood modsecurity nginx security security-tools sql-injection waf web-application-firewall web-security xss

Last synced: 24 days ago
JSON representation

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it operates as a reverse proxy to protect your website from hacker attacks.

• Host: GitHub
• URL: https://github.com/chaitin/safeline
• Owner: chaitin
• License: other
• Created: 2023-04-12T11:30:14.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-04-12T09:44:32.000Z (7 months ago)
• Last Synced: 2024-04-13T23:52:22.482Z (7 months ago)
• Topics: acl, captcha, cc, docker, firewall, http-flood, modsecurity, nginx, security, security-tools, sql-injection, waf, web-application-firewall, web-security, xss
• Language: C++
• Homepage: https://waf-ce.chaitin.cn/
• Size: 64.4 MB
• Stars: 8,472
• Watchers: 59
• Forks: 526
• Open Issues: 217
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE.md

Awesome Lists containing this project

• awesome-ops - chaitin/safeline - 3.0|12088|2023-04-12|2024-09-27 | 一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击 | (运维管理平台)
• StarryDivineSky - chaitin/safeline

README

        


  





  SafeLine - Make your web apps secure





  🏠 Website   |  

  📖 Docs   |  

  🔍 Live Demo   |  

  🙋‍♂️ Discord   |  

  中文版



## 👋 INTRODUCTION

SafeLine is a self-hosted **`WAF(Web Application Firewall)`** to protect your web apps from attacks and exploits.

A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as `SQL injection`, `XSS`, `code injection`, `os command injection`, `CRLF injection`, `ldap injection`, `xpath injection`, `RCE`, `XXE`, `SSRF`, `path traversal`, `backdoor`, `bruteforce`, `http-flood`, `bot abused`, among others.

#### 💡 How It Works



By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.

A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe. Just as a proxy server acts as an intermediary to protect the identity of a client, a WAF operates in similar fashion but acting as an reverse proxy intermediary that protects the web app server from a potentially malicious client.

its core capabilities include:

- Defenses for web attacks

- Proactive bot abused defense 

- HTML & JS code encryption

- IP-based rate limiting

- Web Access Control List

#### ⚡️ Screenshots

|  |  |

| ------------------------------------------------- | ------------------------------------------------- | 

|  |  | 

Get [Live Demo](https://demo.waf.chaitin.com:9443/)

## 🔥 FEATURES

List of the main features as follows:

- **`Block Web Attacks`**

  - It defenses for all of web attacks, such as `SQL injection`, `XSS`, `code injection`, `os command injection`, `CRLF injection`, `XXE`, `SSRF`, `path traversal` and so on.

- **`Rate Limiting`**

  - Defend your web apps against `DoS attacks`, `bruteforce attempts`, `traffic surges`, and other types of abuse by throttling traffic that exceeds defined limits.

- **`Anti-Bot Challenge`**

  - Anti-Bot challenges to protect your website from `bot attacks`, humen users will be allowed, crawlers and bots will be blocked.

- **`Authentication Challenge`**

  - When authentication challenge turned on, visitors need to enter the password, otherwise they will be blocked.

- **`Dynamic Protection`**

  - When dynamic protection turned on, html and js codes in your web server will be dynamically encrypted by each time you visit.

#### 🧩 Showcases

|                               | Legitimate User                                     | Malicious User                                                   |

| ----------------------------- | --------------------------------------------------- | ---------------------------------------------------------------- | 

| **`Block Web Attacks`**       |        |  |

| **`Rate Limiting`**           |        |  |

| **`Anti-Bot Challenge`**       |       |                      |

| **`Auth Challenge`**          |          |                         |

| **`HTML Dynamic Protection`** |  |               |

| **`JS Dynamic Protection`**   |    |                 | 

## 🚀 Quickstart

> [!WARNING]

> 中国大陆用户安装国际版可能会导致无法连接云服务，请查看 [中文版安装文档](https://docs.waf-ce.chaitin.cn/zh/%E4%B8%8A%E6%89%8B%E6%8C%87%E5%8D%97/%E5%AE%89%E8%A3%85%E9%9B%B7%E6%B1%A0)

#### 📦 Installing

Information on how to install SafeLine can be found in the [Install Guide](https://docs.waf.chaitin.com/en/tutorials/install)

#### ⚙️ Protecting Web Apps

to see [Configuration](https://docs.waf.chaitin.com/en/tutorials/Configuration)

## 📋 More Informations

#### Effect Evaluation

| Metric            | ModSecurity, Level 1 | CloudFlare, Free     | SafeLine, Balance      | SafeLine, Strict      |

| ----------------- | -------------------- | -------------------- | ---------------------- | --------------------- |

| Total Samples     | 33669                | 33669                | 33669                  | 33669                 |

| **Detection**     | 69.74%               | 10.70%               | 71.65%                 | **76.17%**            |

| **False Positive**| 17.58%               | 0.07%                | **0.07%**              | 0.22%                 |

| **Accuracy**      | 82.20%               | 98.40%               | **99.45%**             | 99.38%                |

#### Is SafeLine Production-Ready?

Yes, SafeLine is production-ready.

- Over 180,000 installations worldwide

- Protecting over 1,000,000 Websites

- Handling over 30,000,000,000 HTTP Requests Daily

#### 🙋‍♂️ Community

Join our [Discord](https://discord.gg/SVnZGzHFvn) to get community support, the core team members are identified by the STAFF role in Discord.

- channel [#feedback](https://discord.com/channels/1243085666485534830/1243120292822253598): for new features discussion.

- channel [#FAQ](https://discord.com/channels/1243085666485534830/1263761679619981413): for FAQ.

- channel [#general](https://discord.com/channels/1243085666485534830/1243115843919806486): for any other questions.

Several contact options exist for our community, the primary one being Discord. These are in addition to GitHub issues for creating a new issue.



    

    

  



#### 💪 PRO Edition

Coming soon!

#### 📝 License

See [LICENSE](/LICENSE.md) for details.