chaitin/SafeLine
Fork: 838 Star: 13673 (更新于 2024-12-07 20:29:20)
license: GPL-3.0
Language: Go .
serve as a reverse proxy to protect your web services from attacks and exploits.
最后发布版本: v7.3.0 ( 2024-12-06 13:23:19)
SafeLine - Make your web apps secure
🏠 Website | 📖 Docs | 🔍 Live Demo | 🙋♂️ Discord | 中文版
👋 INTRODUCTION
SafeLine is a self-hosted WAF(Web Application Firewall)
to protect your web apps from attacks and exploits.
A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection
, XSS
, code injection
, os command injection
, CRLF injection
, ldap injection
, xpath injection
, RCE
, XXE
, SSRF
, path traversal
, backdoor
, bruteforce
, http-flood
, bot abused
, among others.
💡 How It Works
By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.
A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe. Just as a proxy server acts as an intermediary to protect the identity of a client, a WAF operates in similar fashion but acting as an reverse proxy intermediary that protects the web app server from a potentially malicious client.
its core capabilities include:
- Defenses for web attacks
- Proactive bot abused defense
- HTML & JS code encryption
- IP-based rate limiting
- Web Access Control List
⚡️ Screenshots
Get Live Demo
🔥 FEATURES
List of the main features as follows:
-
Block Web Attacks
- It defenses for all of web attacks, such as
SQL injection
,XSS
,code injection
,os command injection
,CRLF injection
,XXE
,SSRF
,path traversal
and so on.
- It defenses for all of web attacks, such as
-
Rate Limiting
- Defend your web apps against
DoS attacks
,bruteforce attempts
,traffic surges
, and other types of abuse by throttling traffic that exceeds defined limits.
- Defend your web apps against
-
Anti-Bot Challenge
- Anti-Bot challenges to protect your website from
bot attacks
, humen users will be allowed, crawlers and bots will be blocked.
- Anti-Bot challenges to protect your website from
-
Authentication Challenge
- When authentication challenge turned on, visitors need to enter the password, otherwise they will be blocked.
-
Dynamic Protection
- When dynamic protection turned on, html and js codes in your web server will be dynamically encrypted by each time you visit.
🧩 Showcases
Legitimate User | Malicious User | |
---|---|---|
Block Web Attacks |
||
Rate Limiting |
||
Anti-Bot Challenge |
||
Auth Challenge |
||
HTML Dynamic Protection |
||
JS Dynamic Protection |
🚀 Quickstart
[!WARNING] 中国大陆用户安装国际版可能会导致无法连接云服务,请查看 中文版安装文档
📦 Installing
Information on how to install SafeLine can be found in the Install Guide
⚙️ Protecting Web Apps
to see Configuration
📋 More Informations
Effect Evaluation
Metric | ModSecurity, Level 1 | CloudFlare, Free | SafeLine, Balance | SafeLine, Strict |
---|---|---|---|---|
Total Samples | 33669 | 33669 | 33669 | 33669 |
Detection | 69.74% | 10.70% | 71.65% | 76.17% |
False Positive | 17.58% | 0.07% | 0.07% | 0.22% |
Accuracy | 82.20% | 98.40% | 99.45% | 99.38% |
Is SafeLine Production-Ready?
Yes, SafeLine is production-ready.
- Over 180,000 installations worldwide
- Protecting over 1,000,000 Websites
- Handling over 30,000,000,000 HTTP Requests Daily
🙋♂️ Community
Join our Discord to get community support, the core team members are identified by the STAFF role in Discord.
- channel #feedback: for new features discussion.
- channel #FAQ: for FAQ.
- channel #general: for any other questions.
Several contact options exist for our community, the primary one being Discord. These are in addition to GitHub issues for creating a new issue.
💪 PRO Edition
Coming soon!
📝 License
See LICENSE for details.
最近版本更新:(数据更新于 2024-12-07 20:19:25)
2024-12-06 13:23:19 v7.3.0
2024-10-31 18:40:44 v7.1.0
2024-10-21 14:51:02 v7.0.1
2024-09-27 14:40:36 v6.10.2
2024-09-13 18:01:39 v6.9.0
2024-08-29 19:34:55 v6.8.0
2024-08-16 19:06:57 v6.6.0
2024-08-08 17:38:49 v6.5.0
2024-08-02 16:01:58 v6.4.1
2024-08-01 21:01:10 v6.4.0
主题(topics):
api-gateway, application-security, appsec, blueteam, bruteforce, captcha, cve, cybersecurity, firewall, hackers, http-flood, security, self-hosted, sql-injection, vulnerability, waf, web-application-firewall, web-security, websecurity, xss
chaitin/SafeLine同语言 Go最近更新仓库
2024-12-22 07:52:58 navidrome/navidrome
2024-12-21 20:15:12 SagerNet/sing-box
2024-12-21 03:25:54 SpecterOps/BloodHound
2024-12-19 23:11:24 shadow1ng/fscan
2024-12-19 21:50:56 minio/minio
2024-12-19 10:04:39 istio/istio