How SafeLine Turns Your Server into a Zero‑Config WAF in 3 Minutes

Key Features

Zero‑configuration out‑of‑the‑box : default policies block most common attacks without writing rules.

Full‑scenario attack interception : detects SQL injection, XSS, malicious crawlers, brute‑force attempts, and AI‑generated payloads.

Lightweight operation : runs on a single CPU core with 512 MB RAM.

Open‑source and customizable : source code is public; custom rules (e.g., region‑based IP blocking) can be added.

Protection Scenarios

SQL Injection Blocking

A payload ' or 1=1 -- was blocked within 0.1 seconds, returning a 403 response and logging the attacker’s IP.

SafeLine’s intelligent learning analyzes normal request patterns and blocks anomalous or AI‑obfuscated injection attempts that static rule‑based WAFs miss.

Malicious Crawler Mitigation

Rate‑limit of 10 requests per minute per IP combined with browser‑fingerprint verification blocks non‑browser scripts, reducing bandwidth consumption by roughly 40%.

Brute‑Force Login Protection

Configurable rule such as “5 failed attempts → block IP for 24 h” automatically generates a high‑risk IP list for manual blacklisting.

Quick Start (Three Steps)

Step 1 – Deploy (Docker)

docker run -d --name safeline --restart always \
  -p 80:80 -p 443:443 -p 9443:9443 \
  -v /safeline:/var/lib/safeline \
  chaitin/safeline:latest

Step 2 – Basic Configuration

Open https://<em>SERVER_IP</em>:9443 to access the admin console (default credentials are documented).

Add a site by entering its domain or IP, e.g., https://www.example.com.

Select “Default Protection” for out‑of‑the‑box rules or “Custom Mode” to fine‑tune policies.

Step 3 – Verify Protection

View the “Attack Log” to see source IP, payload, and target page for each blocked request.

Check the “Statistics Report” for daily interception counts and attack‑type distribution.

If a legitimate request is blocked, add it to the whitelist.

Source Repository

GitHub: https://github.com/chaitin/SafeLine