First of all, make sure you have successfully installed SafeLine, if not please refer to document Install SafeLine .
¶ Protecting an application
¶ How SafeLine works
SafeLine is a web application firewall developed based on nginx, designed to help web applications defend against network attacks.
Its principle is to act as an http/https reverse proxy, receive network traffic for the original website, then clean the malicious attack traffic and forward the safe and reliable traffic to the original application.
¶ Proxy an application in SafeLine
- Log into the SafeLine Web Admin Console, go to the "Applications" page and click the "Add Application" button in the upper right corner.
- In the next dialog box, enter the information to the original App.
- Domain: domain name of your original App, or hostname, or ip address, for example:
www.chaitin.com. - Port: port that SafeLine will listen, such as 80 or 443. (for
httpsApps, please check theSSLoption). - Upstream: real address of your original App, through which SafeLine will forward traffic to it.
After completing the above settings, please resolve the domain name you just entered to the IP address of the server where SafeLine is located.
Then you can access the application protected by the SafeLine through the domain name like this.
¶ Try to attack your application
Now, your App is protected by SafeLine, let’s try tp attack it and see what happens.
If https://chaitin.com is a website protected by SafeLine, here are some test cases for common attacks:
- SQL Injection:
https://chaitin.com/?id=1+and+1=2+union+select+1 - XSS:
https://chaitin.com/?id=<img+src=x+onerror=alert()> - Path Traversal:
https://chaitin.com/?id=../../../../etc/passwd - Code Injection:
https://chaitin.com/?id=phpinfo();system('id') - XXE:
https://chaitin.com/?id=<?xml+version="1.0"?><!DOCTYPE+foo+SYSTEM+"">
Replace chaitin.com in the above cases with your website domain name and try to access it.
If you see the following blocking page, it means SafeLine successfully helped you defense the attack.
Check the web console of SafeLine to see the attack list
To view the specific details of the attack, click "detail"
