SafeLine
Featuredby
Provides a self‑hosted web application firewall and reverse‑proxy that filters, monitors, and blocks malicious HTTP/S traffic, protecting web applications from attacks such as SQL injection, XSS, brute‑force, bot abuse, and various code injections.
SafeLine Overview
What is SafeLine about?
SafeLine acts as a reverse‑proxy WAF positioned in front of web applications. It inspects inbound and outbound HTTP traffic, applies configurable policies, and blocks or challenges requests that exhibit malicious patterns, thereby reducing the attack surface of the protected services.
How to use SafeLine?
- Deploy: Follow the official Install Guide (linked in the README) to install SafeLine on a server or container.
- Configure Applications: Add each web application through the web UI or configuration files, specifying the upstream origin, domain, and desired protection policies.
- Enable Features: Turn on rate limiting, anti‑bot CAPTCHA, authentication challenges, and dynamic HTML/JS encryption as needed.
- Monitor: Use the built‑in dashboard to view blocked requests, traffic statistics, and adjust rules in real time.
Key Features of SafeLine
- Comprehensive Attack Defense: Blocks SQL injection, XSS, command injection, CRLF, XXE, SSRF, path traversal, RCE, and more.
- Rate Limiting & DoS Protection: IP‑based throttling to mitigate DoS, brute‑force, and traffic‑surge attacks.
- Anti‑Bot & CAPTCHA Challenge: Challenges bots while allowing legitimate users to pass.
- Authentication Challenge: Optional password gate before granting access.
- Dynamic HTML/JS Protection: Encrypts served HTML and JavaScript on each request to hinder content scraping and tampering.
- Web Access Control List: Fine‑grained allow/deny rules based on IP, path, headers, etc.
- Production‑Ready Scale: Claims >180k installations, >1 M protected sites, and >30 B daily requests.
Use Cases of SafeLine
- Enterprise Web Services: Protect internal or public web applications without relying on third‑party cloud WAFs.
- SaaS Platforms: Offer per‑tenant security isolation by routing tenant traffic through SafeLine instances.
- API Gateways: Enforce rate limits and bot challenges on public APIs.
- Small Business Websites: Deploy a cost‑effective, self‑hosted firewall to guard against common web exploits.
- Compliance Requirements: Meet security standards that mandate request inspection and logging.
FAQ from SafeLine
- Q: Does SafeLine support HTTPS termination? A: Yes, it can terminate TLS and forward decrypted traffic to upstream services.
- Q: How is the anti‑bot challenge implemented? A: SafeLine presents a CAPTCHA (image or JavaScript challenge) to suspected bots; successful completion allows the request through.
- Q: Can I customize detection rules? A: Rules are configurable via the UI or YAML/JSON files; you can add custom regex patterns or signature IDs.
- Q: Is there a cloud‑managed version? A: The open‑source edition is self‑hosted; a commercial “PRO” edition is announced for future release.
- Q: What platforms are supported? A: Linux distributions (Docker, binary releases) are officially supported; Windows deployment is not covered.
SafeLine's README
👋 INTRODUCTION
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits.
A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, ldap injection, xpath injection, RCE, XXE, SSRF, path traversal, backdoor, bruteforce, http-flood, bot abused, among others.
💡 How It Works
By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.
A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe. Just as a proxy server acts as an intermediary to protect the identity of a client, a WAF operates in similar fashion but acting as a reverse proxy intermediary that protects the web app server from a potentially malicious client.
its core capabilities include:
- Defenses for web attacks
- Proactive bot abused defense
- HTML & JS code encryption
- IP-based rate limiting
- Web Access Control List
⚡️ Screenshots
Get Live Demo
🔥 FEATURES
List of the main features as follows:
Block Web Attacks- It defenses for all of web attacks, such as
SQL injection,XSS,code injection,os command injection,CRLF injection,XXE,SSRF,path traversaland so on.
- It defenses for all of web attacks, such as
Rate Limiting- Defend your web apps against
DoS attacks,bruteforce attempts,traffic surges, and other types of abuse by throttling traffic that exceeds defined limits.
- Defend your web apps against
Anti-Bot Challenge- Anti-Bot challenges to protect your website from
bot attacks, humen users will be allowed, crawlers and bots will be blocked.
- Anti-Bot challenges to protect your website from
Authentication Challenge- When authentication challenge turned on, visitors need to enter the password, otherwise they will be blocked.
Dynamic Protection- When dynamic protection turned on, html and js codes in your web server will be dynamically encrypted by each time you visit.
🧩 Showcases
| Legitimate User | Malicious User | |
|---|---|---|
Block Web Attacks |
||
Rate Limiting |
||
Anti-Bot Challenge |
||
Auth Challenge |
||
HTML Dynamic Protection |
||
JS Dynamic Protection |
🚀 Quickstart
[!WARNING] 中国大陆用户安装国际版可能会导致无法连接云服务,请查看 中文版安装文档
📦 Installing
Information on how to install SafeLine can be found in the Install Guide
⚙️ Protecting Web Apps
to see Configuration
📋 More Informations
Effect Evaluation
| Metric | ModSecurity, Level 1 | CloudFlare, Free | SafeLine, Balance | SafeLine, Strict |
|---|---|---|---|---|
| Total Samples | 33669 | 33669 | 33669 | 33669 |
| Detection | 69.74% | 10.70% | 71.65% | 76.17% |
| False Positive | 17.58% | 0.07% | 0.07% | 0.22% |
| Accuracy | 82.20% | 98.40% | 99.45% | 99.38% |
Is SafeLine Production-Ready?
Yes, SafeLine is production-ready.
- Over 180,000 installations worldwide
- Protecting over 1,000,000 Websites
- Handling over 30,000,000,000 HTTP Requests Daily
🙋♂️ Community
Join our Discord to get community support, the core team members are identified by the STAFF role in Discord.
- channel #feedback: for new features discussion.
- channel #FAQ: for FAQ.
- channel #general: for any other questions.
Several contact options exist for our community, the primary one being Discord. These are in addition to GitHub issues for creating a new issue.
💪 PRO Edition
Coming soon!
📝 License
See LICENSE for details.
SafeLine Reviews
Login Required
Please log in to share your review and rating for this MCP.
Actions
SafeLine's Information
- Author
- chaitin
- Category
- Identity & Security
- Language
- Go
- License
- GNU General Public License v3.0
- Stars
- 17,563
- Updated
- about 2 months ago
Related MCP Servers
Discover more MCP servers with similar functionality and use cases
Burp MCP Server
by PortSwigger
Integrates Burp Suite with AI clients via the Model Context Protocol, providing a built‑in SSE server and a packaged Stdio proxy for seamless AI‑driven interaction with Burp.
Cycode Cli
by cycodehq
Boost security in the development lifecycle via static application security testing, software composition analysis, secrets detection, and infrastructure‑as‑code scanning.
Auth0
Officialby auth0
Auth0 MCP Server enables AI agents to manage Auth0 tenants using natural language, streamlining tasks like application and user management.
Keycloak MCP
by ChristophEnglisch
keycloak-model-context-protocol is an MCP server implementation for Keycloak user management, enabling AI-powered administration of Keycloak users and realms through the Model Context Protocol (MCP).
OpenCTI
by Spathodea-Network
OpenCTI MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with the OpenCTI (Open Cyber Threat Intelligence) platform, enabling querying and retrieving threat intelligence data through a standardized interface.
Malware Bazaar MCP
by mytechnotalent
Provides real-time threat intelligence and detailed malware sample metadata from Malware Bazaar through an AI‑driven MCP server, enabling authorized cybersecurity research workflows.
Okta
by kapilduraphe
This project provides an Okta MCP (Multi-Cloud Platform) server that enables Claude to interact with Okta's user management system, offering comprehensive user and group management capabilities along with onboarding automation.
Descope
by descope-sample-apps
descope-mcp-server-stdio is a Model Context Protocol (MCP) server that integrates Descope's Management APIs with applications like Claude Desktop. It enables users to manage user data and audit logs directly from their desktop environment.
Authenticator App · 2FA
Officialby firstorderai
authenticator_mcp is a secure server that enables AI agents to retrieve 2FA codes and passwords from the Authenticator App. It automates login processes and enhances security by allowing AI assistants to handle credential retrieval.