A Brief Experience with SafeLine WAF Pro Edition
Lulu
Posted on August 15, 2024
This post is a simple record of my experience with the Professional Edition of SafeLine WAF. I hope it can provide some reference for users considering a paid version.
Website: https://waf.chaitin.com
Who is the Professional Edition for?
- Small to medium-sized businesses or individual website owners who have high security requirements but lack a dedicated security team.
- Users who don't want to invest in high-end security services from cloud providers due to budget constraints.
- Those who have used SafeLine Community Edition WAF and now have commercial needs.
Who is the Professional Edition not suitable for?
- Large enterprises with complex websites and access policies.
- Customers who need WAF integration via transparent, routed, bypass, or bridge modes.
- Users requiring hardware-based or cloud-native WAF delivery.
- Those with higher availability needs (load balancing, multi-active, Bypass).
- Users who expect faster technical support response times.
- Organizations with regulatory compliance needs.
What I Care About the Most
My top priority is security, so I hope SafeLine can withstand initial attacks. Additionally, I have some internal services that I want to selectively expose to the public, such as web access after authentication and API endpoint protection.
Before using SafeLine, I relied on Nginx + ModSecurity as my WAF solution. However, with ModSecurity being deprecated, I urgently needed an alternative. I preferred a WAF that still centers around Nginx and is developed by a team or individual with a strong security background.
Optimized Features in SafeLine Professional Edition
Let's take a closer look at some standout features in the Professional Edition compared to the Community Edition.
1.Enhanced IP and Threat Intelligence Databases
The Professional Edition improves the accuracy of the IP database, utilizing a commercial threat intelligence database and a more precise geolocation IP database. This enhancement significantly boosts our ability to create location-based security policies.
2.Customizable Block Pages
You can now customize block pages to match different website access statuses or security policies. This feature allows you to hide SafeLine traces that might expose vulnerabilities, reducing supply chain risks.
3.Backend Service Load Balancing
The WAF can now distribute traffic across backend services, supporting three load-balancing algorithms: round-robin, least connections, and IP hash.
4.Multi-Admin Support
Tailored for small to medium-sized businesses, the SafeLine console now supports password login and multiple user configurations.
5.Export and Forward Attack Logs
You can export attack logs as CSV files. Remember that these files are encoded in UTF-8, so if you're using Excel, convert them to GB2312 to avoid garbled text. The new 5.1.0 version also supports log forwarding, for example, forwarding logs via rsyslog to ClickHouse for later analysis.
6.Faster Technical Support
SafeLine provides prioritized support for the Professional Edition over the Community Edition, with dedicated user groups, offering a much better experience.
Test Environment Overview
- CPU: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
- VM Configuration: 2 cores, 2 GB RAM
- Virtualization: Microsoft Hyper-V
- OS: Ubuntu 22.04.4 LTS
My SafeLine instance is deployed on a cloud server dedicated solely to this WAF.
Security Testing
I opted for a security assessment tool, which scans for common and popular web vulnerabilities. I set up a test site behind SafeLine WAF, with an Nginx backend. If SafeLine fails to intercept an attack, the backend Nginx would log the requests. With all SafeLine policies enabled, let's see how many requests reach the backend.
SafeLine intercepted 425 requests and allowed 68 requests to pass through.
Given that all policies were enabled, what kinds of requests were allowed?
It seems SafeLine intelligently analyzed the semantics and determined that I might be accessing the management interface. SafeLine observed the request and avoided blocking it, preventing a false positive. The other allowed requests also seemed harmless.
Does SafeLine consume too many resources when inspecting attacks? During testing, I monitored the load on the SafeLine WAF server, and it stayed within an acceptable range.
Conclusion
SafeLine Professional Edition's optimized features make it a cost-effective choice for small to medium-sized businesses looking to enhance their network security. Chaitin’s solid security background, coupled with a reasonable price, makes it worth considering.
The combination of custom rules and intelligent semantic analysis minimizes false positives while providing robust security. Though I encountered some minor issues during testing, I remain in contact with the SafeLine team, who are actively working on further improvements.
Website: https://waf.chaitin.com
GitHub: https://github.com/chaitin/SafeLine
Discord: https://discord.gg/3aRJ4qfwjA
Posted on August 15, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.
Related
August 20, 2024