SafeLine WAF 101- Configuring Site HTTP Redirection to HTTPS

carrie_luo1

Carrie

Posted on September 19, 2024

SafeLine WAF 101- Configuring Site HTTP Redirection to HTTPS

Prerequisites

  • Self-prepared SSL certificate.
  • The steps to apply for a free personal domain SSL certificate are omitted. Please search for free certificate application tutorials online.
  • You need a .crt file and a .key file.

Deployment Diagram

Image description

Deployment for Reference

My WAF and website are on the same server.

Step 1: Modify the Port of the Application's Nginx

Because the WAF and the web application are on the same server, there will be port conflicts. So, first, change the application's own Nginx port to something other than 80 and 443. I used port 8000, but you can change it to any available port as long as it does not conflict with existing ports on the server.

To view existing ports on the server, use the command:

netstat -an|grep LISTEN|grep -v unix
Enter fullscreen mode Exit fullscreen mode

Change the Nginx listen port from 80 to another port.

Reload the Nginx configuration:

nginx -t 
nginx -s reload
Enter fullscreen mode Exit fullscreen mode

Step 2: Add a Protected Site in SafeLine WAF

Adding an HTTP Site
  • Port: 80
  • Since my WAF and site are on the same server, the upstream server is set to 127.0.0.1:8000. Modify according to your situation.

Image description

Adding an HTTPS Site
  • Port: 443
  • Check SSL and upload the certificate files. Modify according to your situation.
  • The upstream server should point to the same web application address.

Image description

Submit the configuration.

Step 3: Modify SafeLine WAF Nginx Forwarding Configuration

The default path for SafeLine Nginx proxy configuration files is:

/data/safeline/resources/nginx/sites-enabled
Enter fullscreen mode Exit fullscreen mode

Modify the site configuration file corresponding to port 80 to set up redirection from 80 to 443:

# Add this in the server block
rewrite ^(.*)$ https://$host$1 permanent;
Enter fullscreen mode Exit fullscreen mode

Image description

Reload the SafeLine Nginx configuration:

# Test if the Nginx configuration is correct
docker exec -it safeline-tengine /usr/sbin/nginx -t

# Reload the configuration
docker exec -it safeline-tengine /usr/sbin/nginx -s reload
Enter fullscreen mode Exit fullscreen mode

Step 4: Browser Testing

Access http://yoursite.com

Image description

Check if the request is redirected to https://yoursite.com

Image description

It should automatically redirect to HTTPS.

Image description

Here are the links about SafeLine WAF.
Github
Discord
Website

💖 💪 🙅 🚩
carrie_luo1
Carrie

Posted on September 19, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related