Analysis updated 2026-05-18
Protect a WordPress site or custom web app from SQL injection and XSS attacks without modifying your application code.
Block automated bot traffic and DDoS attempts by rate-limiting requests and requiring CAPTCHA verification.
Add an extra security layer in front of legacy web applications that can't be easily patched.
Encrypt your HTML and JavaScript on each request to make reverse-engineering your site harder for attackers.
| chaitin/safeline | samber/lo | lima-vm/lima | |
|---|---|---|---|
| Stars | 21,226 | 21,227 | 20,954 |
| Language | Go | Go | Go |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 4/5 | 2/5 | 3/5 |
| Audience | ops devops | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires Docker to run and network configuration to sit between internet and web server.
SafeLine is a self-hosted Web Application Firewall (WAF) and reverse proxy that you run on your own infrastructure to protect your websites and web apps from attacks. It sits between the internet and your web server, inspecting all incoming HTTP/S traffic and blocking anything that looks malicious before it reaches your application. It protects against a wide range of known attack types including SQL injection, cross-site scripting (XSS), remote code execution (RCE), server-side request forgery (SSRF), path traversal, and others. It also includes rate limiting to defend against denial-of-service attacks and brute-force attempts, bot detection with CAPTCHA challenges to block automated crawlers, an authentication challenge mode that requires visitors to enter a password, and a dynamic protection feature that encrypts your HTML and JavaScript code differently on each request to make it harder to analyze. According to the README, SafeLine has over 180,000 installations worldwide, protects over 1,000,000 websites, and handles over 30 billion HTTP requests daily. Benchmark comparisons show a 76% attack detection rate at strict settings with a very low false-positive rate. It is installed via Docker and is production-ready. The project is written in Go and backed by Chaitin, a security company.
Self-hosted Web Application Firewall that sits between the internet and your web server, blocking SQL injection, XSS, RCE, and other attacks before they reach your app.
Mainly Go. The stack also includes Go, Docker, HTTP/S.
Use it freely, but any project you distribute that includes this code must also be GPL-licensed and open source.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.