How to Configure HTTPS and DDoS Protection with SafeLine WAF

Lulu

Posted on September 6, 2024

The SafeLine WAF provides a robust defense for websites, making it an ideal solution for individuals and small businesses looking to enhance their web security. In this guide, I'll walk you through the basic setup and configuration of SafeLine, including HTTP and HTTPS domain protection, certificate management, and attack simulation testing.

Once SafeLine WAF is installed, you can access the dashboard through the following URL: https://192.168.xx.xx:9443/dashboard

For detailed official documentation, visit: SafeLine WAF Configuration Guide


1. Adding an HTTP Domain for Protection

SafeLine uses port 80 by default for HTTP traffic. In my case, since both SafeLine and my Nginx server were hosted on the same machine, I had to change Nginx's port to 81 to avoid conflicts, as SafeLine needs to use ports 80 and 443.

To add a domain for protection:

  • Add the domain in the SafeLine dashboard.
  • Modify your local hosts file for testing and access the site via the new domain. You should notice incoming traffic being monitored.

Before accessing: 126 requests

After accessing: 127 requests


2. Adding an HTTPS Domain and Certificate Management

HTTP typically uses port 80, while HTTPS uses port 443. To secure your site with HTTPS, you'll need to upload a certificate.

To upload a certificate:

  1. Go to Web services -> SSL Cert -> Add Cert.
  2. SafeLine will automatically recognize the domain associated with the certificate. If you don’t have one, you can also create a self-signed certificate.

Initially, I attempted to use an existing Nginx certificate, but I encountered an x509 error due to a certificate format issue:

nginx: [emerg] PEM_read_bio_X509_AUX("xxxxxxxx.pem") failed (SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line)
nginx: configuration file nginx.conf test failed

To resolve this, I generated a self-signed certificate using the following command:

openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt -subj "/C=CN/ST=beijing/L=beijing/O=ceshi/OU=devops/CN=test.com"
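
The "bad end line" message quoted above is OpenSSL rejecting the -----END ...----- line of a PEM block. The following is an added example (not from the original post or from SafeLine): a standard-library Python linter for that framing, to run on a certificate or key file before uploading it. The particular checks and the sample data are assumptions chosen for illustration.

```python
import base64
import binascii
import re
import sys
from pathlib import Path

BEGIN_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
END_RE = re.compile(r"-----END ([A-Z0-9 ]+)-----")

def lint_pem(text):
    """Return [(line_number, problem), ...] for PEM framing errors in text."""
    problems, label, start, body = [], None, 0, []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()  # tolerate CRLF endings and stray whitespace
        if line.startswith("-----BEGIN "):
            if label is not None:
                problems.append((start, f"BEGIN {label} has no END line"))
            m = BEGIN_RE.fullmatch(line)
            if m is None:
                problems.append((n, "malformed BEGIN line"))
            label, start, body = (m.group(1) if m else "?"), n, []
        elif line.startswith("-----END "):
            m = END_RE.fullmatch(line)
            if m is None:
                problems.append((n, "malformed END line (text after the marker?)"))
            elif label is None:
                problems.append((n, "END line without a BEGIN line"))
            elif m.group(1) != label:
                problems.append((n, f"END {m.group(1)} closes BEGIN {label}"))
            else:
                try:
                    base64.b64decode("".join(body), validate=True)
                except binascii.Error:
                    problems.append((start, f"{label} body is not valid base64"))
            label = None
        elif label is not None and line and ":" not in line:
            body.append(line)  # skip blank lines and "Name: value" headers
    if label is not None:
        problems.append((start, f"BEGIN {label} has no END line"))
    return problems

BODY = base64.b64encode(bytes(range(48))).decode()  # constructed, not a real cert
GOOD = f"-----BEGIN CERTIFICATE-----\n{BODY}\n-----END CERTIFICATE-----\n"
GLUED = GOOD.rstrip("\n") + GOOD  # two blocks joined without a newline

if __name__ == "__main__":
    for path in sys.argv[1:]:
        for n, msg in lint_pem(Path(path).read_text(errors="replace")):
            print(f"{path}:{n}: {msg}")
```

Run it with one or more file paths as arguments; no output means the framing is intact. It checks structure only and does not validate the certificate contents or match a key to its certificate.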

With the certificate in place:


3. Testing WAF Protection

To test if SafeLine is working correctly, you can manually simulate some common web attacks. Open your browser and visit the following URLs to trigger SafeLine’s protection:

  • Simulate SQL Injection: http://<IP or Domain>:<Port>/?id=1%20AND%201=1
  • Simulate XSS (Cross-Site Scripting): http://<IP or Domain>:<Port>/?html=<script>

SafeLine should detect and block these requests. If an attack isn't blocked, refer to the documentation for troubleshooting guidance on protection issues.

During my test, SafeLine successfully blocked the SQL injection attack and logged the IP address involved.


4. Defending Against DDoS Attacks

To protect against high-frequency traffic, such as DDoS attacks, enable the Frequency Limiting feature:

  • Go to Protection Configuration -> Frequency Limiting and set the appropriate thresholds.

To test this, I wrote a script that simulates high-frequency requests. SafeLine detected and blocked the attack by banning the IP.

Example script:

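#!/bin/bash
# Send 20 requests in quick succession to trip the frequency limit.
# --resolve pins test.waf.com to the WAF's IP without editing the hosts file.
for (( i=1; i<=20; i++ )); do
  curl -s --resolve "test.waf.com:80:192.168.108.141" "http://test.waf.com/?id=1%20AND%201=${i}" > /dev/null
done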


5. Enabling CAPTCHA Verification

To prevent automated attacks, you can enable CAPTCHA verification for suspicious requests:

  • Navigate to Web Services -> Protections -> Add Rules and configure it as per your needs.


6. Log Management and Additional Features

For additional documentation, refer to the official SafeLine WAF guide.

While the SafeLine Community Edition has fewer features than cloud-based or enterprise-level WAFs, it provides sufficient protection for personal websites. For more advanced functionality, I recommend exploring the official documentation.

You can also access service logs in the /usr/local/safeline directory. If any errors occur, checking the logs can help identify the issue.

For example, when I encountered the certificate format problem, I found useful error messages in the Nginx logs:

tail -fn 100 tcd.log
