SafeLine
Featuredby
A self‑hosted web application firewall and reverse proxy that protects web applications from attacks and exploits by filtering, monitoring, and blocking malicious HTTP/S traffic.
SafeLine Overview
What is SafeLine about?
SafeLine provides a reverse‑proxy‑based WAF that sits in front of web applications, shielding them from a wide range of web attacks such as SQL injection, XSS, code injection, RCE, SSRF, path traversal, brute‑force attempts, HTTP flood, and bot abuse.
How to use SafeLine?
- Installation – Follow the official Install Guide (online documentation) to deploy SafeLine on your server. The project can be run as a standalone binary or via container images.
- Configuration – Add applications through the web UI or edit the configuration files to define protected domains, backend services, and security policies.
- Enable protections – Turn on features like rate limiting, anti‑bot challenges, authentication challenges, and dynamic HTML/JS encryption as needed.
- Monitor – Use the built‑in dashboard to view traffic, blocked attacks, and performance metrics.
Key Features of SafeLine
- Comprehensive Attack Mitigation – Covers SQL injection, XSS, code/OS command injection, CRLF, XXE, SSRF, path traversal, RCE, backdoors, etc.
- Rate Limiting – Protects against DoS, brute‑force, and traffic spikes.
- Anti‑Bot & CAPTCHA – Challenges bots while allowing legitimate users.
- Authentication Challenge – Optional password gate before traffic reaches the app.
- Dynamic HTML/JS Encryption – Encrypts client‑side code on the fly for added obfuscation.
- IP‑Based Access Control Lists – Fine‑grained whitelist/blacklist.
- Production‑Ready Stats – Over 180k installations, 1M+ websites protected, 30B+ requests processed daily.
Use Cases
- Enterprise Web Services – Secure public‑facing APIs and portals without relying on third‑party cloud WAFs.
- E‑commerce Platforms – Mitigate fraud, bot scraping, and credential stuffing attacks.
- SaaS Applications – Provide per‑tenant protection with customizable rate limits and challenges.
- Compliance‑Driven Environments – Meet security requirements by filtering malicious traffic at the network edge.
FAQ
- Is SafeLine free? – Yes, the core edition is open‑source and production‑ready. A PRO edition is planned for future release.
- Can it run behind another reverse proxy (e.g., Nginx)? – SafeLine itself acts as a reverse proxy; you can place it upstream of other proxies if desired.
- How does dynamic protection work? – When enabled, SafeLine encrypts HTML and JavaScript on each request, delivering obfuscated code that is decrypted in the browser.
- What platforms are supported? – Linux binaries and Docker images are provided; the project is self‑hosted and does not depend on a specific cloud provider.
- Where can I get support? – Community Discord, GitHub Issues, and the official documentation site.
SafeLine's README
👋 INTRODUCTION
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits.
A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, ldap injection, xpath injection, RCE, XXE, SSRF, path traversal, backdoor, bruteforce, http-flood, bot abused, among others.
💡 How It Works
By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.
A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe. Just as a proxy server acts as an intermediary to protect the identity of a client, a WAF operates in similar fashion but acting as a reverse proxy intermediary that protects the web app server from a potentially malicious client.
its core capabilities include:
- Defenses for web attacks
- Proactive bot abused defense
- HTML & JS code encryption
- IP-based rate limiting
- Web Access Control List
⚡️ Screenshots
Get Live Demo
🔥 FEATURES
List of the main features as follows:
Block Web Attacks- It defenses for all of web attacks, such as
SQL injection,XSS,code injection,os command injection,CRLF injection,XXE,SSRF,path traversaland so on.
- It defenses for all of web attacks, such as
Rate Limiting- Defend your web apps against
DoS attacks,bruteforce attempts,traffic surges, and other types of abuse by throttling traffic that exceeds defined limits.
- Defend your web apps against
Anti-Bot Challenge- Anti-Bot challenges to protect your website from
bot attacks, humen users will be allowed, crawlers and bots will be blocked.
- Anti-Bot challenges to protect your website from
Authentication Challenge- When authentication challenge turned on, visitors need to enter the password, otherwise they will be blocked.
Dynamic Protection- When dynamic protection turned on, html and js codes in your web server will be dynamically encrypted by each time you visit.
🧩 Showcases
| Legitimate User | Malicious User | |
|---|---|---|
Block Web Attacks |
||
Rate Limiting |
||
Anti-Bot Challenge |
||
Auth Challenge |
||
HTML Dynamic Protection |
||
JS Dynamic Protection |
🚀 Quickstart
[!WARNING] 中国大陆用户安装国际版可能会导致无法连接云服务,请查看 中文版安装文档
📦 Installing
Information on how to install SafeLine can be found in the Install Guide
⚙️ Protecting Web Apps
to see Configuration
📋 More Informations
Effect Evaluation
| Metric | ModSecurity, Level 1 | CloudFlare, Free | SafeLine, Balance | SafeLine, Strict |
|---|---|---|---|---|
| Total Samples | 33669 | 33669 | 33669 | 33669 |
| Detection | 69.74% | 10.70% | 71.65% | 76.17% |
| False Positive | 17.58% | 0.07% | 0.07% | 0.22% |
| Accuracy | 82.20% | 98.40% | 99.45% | 99.38% |
Is SafeLine Production-Ready?
Yes, SafeLine is production-ready.
- Over 180,000 installations worldwide
- Protecting over 1,000,000 Websites
- Handling over 30,000,000,000 HTTP Requests Daily
🙋♂️ Community
Join our Discord to get community support, the core team members are identified by the STAFF role in Discord.
- channel #feedback: for new features discussion.
- channel #FAQ: for FAQ.
- channel #general: for any other questions.
Several contact options exist for our community, the primary one being Discord. These are in addition to GitHub issues for creating a new issue.
💪 PRO Edition
Coming soon!
📝 License
See LICENSE for details.
SafeLine Reviews
Login Required
Please log in to share your review and rating for this MCP.
Actions
Similar MCP Servers like SafeLine
Explore related MCPs that share similar capabilities and solve comparable challenges
Burp MCP Server
by PortSwigger
Enables Burp Suite to communicate with AI clients via the Model Context Protocol, providing an MCP server and bundled stdio proxy.
Cycode CLI
by cycodehq
Boost security in the development lifecycle via SAST, SCA, secrets, and IaC scanning.
Keycloak MCP Server
by ChristophEnglisch
Provides AI‑powered administration of Keycloak users and realms through the Model Context Protocol, enabling automated creation, deletion, and listing of users and realms from MCP clients such as Claude Desktop.
OpenCTI MCP Server
by Spathodea-Network
Provides a Model Context Protocol server that enables querying and retrieving threat intelligence data from OpenCTI through a standardized interface.
Authenticator App MCP Server
Officialby firstorderai
Provides seamless access to two‑factor authentication codes and passwords for AI agents, enabling automated login while maintaining security.
OPNSense MCP Server
by vespo92
Manage OPNsense firewalls through conversational AI, providing network configuration, device discovery, DNS filtering, HAProxy setup, and backup/restore via simple commands.
MalwareBazaar MCP
by mytechnotalent
Provides an AI-driven interface to Malware Bazaar, delivering real-time threat intelligence and sample metadata for authorized cybersecurity research workflows.
Attestable MCP Server
by co-browser
Verify that any MCP server is running the intended and untampered code via hardware attestation.
Shodan Mcp
by Hexix23
Provides a powerful interface to the Shodan API, enabling advanced search, host intelligence, vulnerability discovery, and network mapping for security research.