SafeLine is a free and open source Web Application Firewall (WAF) developed by Chaitin Tech. It’s lightweight, powerful, and offers enterprise-grade protection against a wide range of attacks — SQLi, XSS, RCE, SSRF, Path Traversal, and more.
🚀 Quick Deployment with Docker
mkdir -p "/data/safeline"
cd "/data/safeline"
wget "https://waf-ce.chaitin.cn/release/latest/compose.yaml"
# Edit environment variables
vi .env
.env sample:
SAFELINE_DIR=/data/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=yourpassword
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline
ARCH_SUFFIX=
RELEASE=
REGION=
Start SafeLine:
docker compose up -d
🔒 How It Works
Without SafeLine:
User → Web Server
With SafeLine:
User → SafeLine (reverse proxy) → Web Server
Just like Nginx, it sits in front of your app and inspects every request.
🧑💻 Admin Console
# Reset admin password
docker exec safeline-mgt resetadmin
Access the console at:
https://<your-ip>:9443
🌐 Add Sites & Free HTTPS Certificates
- Go to
Applications→Add Application - Forward port
80and443to your backend service - Works like a transparent reverse proxy
- Supports Let's Encrypt with auto-renew — just enter the domain!
Bonus: Enable Auto HTTP to HTTPS redirect under Global Config.
🛡️ Protection Modes
Choose your site's defense level:
- Defense: Block all attacks
- Audited: Only log suspicious behavior
- Offline: Show a maintenance page
A session ID sl-session is injected for tracking.
🌍 Join the Community
Stay tuned for Part 2, where we test SafeLine with real attack payloads and benchmark it against Cloudflare, ModSecurity, and others.
Top comments (0)