// the find
chaitin/SafeLine
SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
SafeLine is a self-hosted WAF and reverse proxy from Chaitin Tech, a Chinese security company. It sits in front of your web apps and blocks common attack patterns — SQLi, XSS, path traversal, etc. — plus adds rate limiting, bot challenges, and an unusual 'dynamic protection' feature that encrypts HTML/JS on each response to foil scrapers.
The benchmark numbers are credible: 71-76% detection rate with only 0.07-0.22% false positives beats ModSecurity Level 1 on both axes simultaneously, which is genuinely hard to do. The dynamic HTML/JS encryption is a real differentiator — it's not just signature matching, it actively makes your app harder to reverse-engineer. Integration surface is wide: Kong, ingress-nginx, and Traefik plugins plus a Lua SDK (lua-resty-t1k) mean you can drop it into most stacks without rearchitecting. The 180k installs and 30B daily requests are a credible production claim, not vaporware.
The detection engine is a closed binary — the 'yanshi' language compiler in the repo is for their custom FSA-based rule DSL, but the actual detection rules are not open source. You're betting on Chaitin's opaque rule updates, not auditable logic. The 'PRO Edition coming soon' in the README is a yellow flag: free features may migrate behind a paywall without warning. The repo is essentially a compose.yaml, a management UI, and SDKs — the actual WAF engine ships as a Docker image you can't inspect, which is a significant trust issue for security-critical infrastructure. No TLS termination docs for the management interface itself means ops teams will likely expose it unprotected.