explaingit

chaitin/safeline

📈 Trending21,316GoAudience · ops devopsComplexity · 4/5ActiveLicenseSetup · moderate

TLDR

Self-hosted Web Application Firewall that sits between the internet and your web server, blocking SQL injection, XSS, RCE, and other attacks before they reach your app.

Mindmap

mindmap
  root((SafeLine))
    What it does
      Blocks SQL injection
      Stops XSS attacks
      Prevents RCE
      Rate limiting
    Protection features
      Bot detection
      CAPTCHA challenges
      Password authentication
      Code encryption
    How to use
      Docker deployment
      Reverse proxy setup
      Traffic inspection
    Tech stack
      Go language
      Docker container
      HTTP/S support

Things people build with this

USE CASE 1

Protect a WordPress site or custom web app from SQL injection and XSS attacks without modifying your application code.

USE CASE 2

Block automated bot traffic and DDoS attempts by rate-limiting requests and requiring CAPTCHA verification.

USE CASE 3

Add an extra security layer in front of legacy web applications that can't be easily patched.

USE CASE 4

Encrypt your HTML and JavaScript on each request to make reverse-engineering your site harder for attackers.

Tech stack

GoDockerHTTP/S

Getting it running

Difficulty · moderate Time to first run · 30min

Requires Docker to run and network configuration to sit between internet and web server.

Use it freely, but any project you distribute that includes this code must also be GPL-licensed and open source.

In plain English

SafeLine is a self-hosted Web Application Firewall (WAF) and reverse proxy that you run on your own infrastructure to protect your websites and web apps from attacks. It sits between the internet and your web server, inspecting all incoming HTTP/S traffic and blocking anything that looks malicious before it reaches your application. It protects against a wide range of known attack types including SQL injection, cross-site scripting (XSS), remote code execution (RCE), server-side request forgery (SSRF), path traversal, and others. It also includes rate limiting to defend against denial-of-service attacks and brute-force attempts, bot detection with CAPTCHA challenges to block automated crawlers, an authentication challenge mode that requires visitors to enter a password, and a dynamic protection feature that encrypts your HTML and JavaScript code differently on each request to make it harder to analyze. According to the README, SafeLine has over 180,000 installations worldwide, protects over 1,000,000 websites, and handles over 30 billion HTTP requests daily. Benchmark comparisons show a 76% attack detection rate at strict settings with a very low false-positive rate. It is installed via Docker and is production-ready. The project is written in Go and backed by Chaitin, a security company.

Copy-paste prompts

Prompt 1
How do I set up SafeLine as a reverse proxy in Docker to protect my web server from SQL injection and XSS attacks?
Prompt 2
Show me how to configure rate limiting and bot detection in SafeLine to defend against DDoS and brute-force login attempts.
Prompt 3
What are the steps to enable dynamic code encryption in SafeLine so my HTML and JavaScript change on every request?
Prompt 4
How do I integrate SafeLine's CAPTCHA challenge mode to block automated crawlers while allowing real users through?
Open on GitHub → Explain another repo

Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.