DEV Community

Carrie

First Experience with an Open-Source Web Application Firewall – SafeLine

This article is written by an excellent SafeLine user, Sutharinee Ritthidetch.

Original link:
https://www.linkedin.com/pulse/my-first-experience-open-source-web-application-waf-ritthidetch-bv6bf/


As part of my senior project, I’m researching how well Web Application Firewalls (WAFs) can protect web applications. I had never used a WAF before, so I didn’t know where to begin.

My supervisor, Tuul Triyason, recommended 3 WAF options. After comparing their ease of use for beginners and the quality of their documentation, our group selected SafeLine WAF (developed by Chaitin Technology) as the focus of our research: https://ly.safepoint.cloud/aMx9T1U

First-Time Experience:

🛠️ Installation was very easy - SafeLine is deployed using Docker, and the installation takes just a few minutes when following the documentation on this website: https://docs.waf.chaitin.com/en/GetStarted/Deploy


🌐 The web interface is very user-friendly - even with no experience with WAF, I was able to navigate everything easily.
💡 I can configure custom security rules without needing to write code.


Fast detection – SafeLine detects attacks very quickly! When it detects something suspicious, it blocks that action immediately.


🔥 Real-time monitoring – I could see attack logs in real time as the attacks were coming in. It can also be configured to send alerts to Discord or Telegram when an attack is detected.


🔍 I can also view the type of attack, whether the request was blocked or just audited, and the details of each request in the logs, including the malicious payload, IP address, etc.


In my research, I’m using SafeLine WAF to:

⛔ Evaluate how well SafeLine can block attacks that I have selected from the OWASP Top 10, such as XSS and SQL injection.

⚙️ Evaluate the request-handling capacity and resource usage (CPU and memory) of the WAF under different VM configurations (CPU and memory).

⏫ Trying out custom rules to see how they improve security for a web application.

❗ Learning how rate limiting helps reduce risk, such as in brute-force attacks.

Rate-Limiting

I’m still learning how to use SafeLine WAF. I’ll share more updates as I try more features and learn new things during my research project. 😊

📘 Project Contributors

Supervisor: Asst. Prof. Dr. Tuul Triyason
Students:

  1. Sutharinee Ritthidetch https://www.linkedin.com/in/sutharinee-ritthidetch/
  2. Arissara Sanyaboot https://www.linkedin.com/in/arissara-sanyaboot-877a14361/
