A Chinese-made open source web firewall powerhouse!

With the rise of open source web frameworks and website building tools, setting up a website has become very cheap. Few people pay attention to website security, however, so the WAF as a product category remains little known.

1. What is a WAF?

WAF stands for Web Application Firewall, also known as a website firewall. It protects a website from attacks by hackers and usually takes the form of a web gateway deployed as a reverse proxy. A WAF can identify and block common web attacks such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), server-side request forgery (SSRF), and WebShell upload and communication.

2. Leichi

Today, HelloGitHub brings you an out-of-the-box, powerful, and well-received website protection tool: Leichi WAF, which keeps hackers from getting even one step past the line.

GitHub address: https://github.com/chaitin/safeline

Leichi is an easy-to-use, well-received community WAF project. At its core is an Nginx-based web gateway that is deployed as a reverse proxy, cleans malicious traffic from hackers, and protects your website from attack. Leichi has a friendly web interface, so even without a background in network security you can use it to get top-notch website protection.

Leichi is a website firewall tool that was open-sourced in April this year by Chaitin Technology, a top network information security company in China. It has iterated remarkably fast: in just four months it has shipped 31 releases, is used by 18,000 webmasters, and has earned 3K+ Stars on GitHub✨.

Next, let us get started with this Chinese-made open source website firewall powerhouse!

3. Installation and deployment

Leichi uses containerized deployment: the service consists of multiple Docker containers and comes with a simple one-stop installation script. As long as the server can reach the Internet, running the installation script pulls the images, initializes the configuration files, and starts the service in one go.

3.1 Install with one command

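Use the online installation script directly. The -k option in the command below makes curl skip TLS certificate verification, so the downloaded script is executed without the server's identity having been checked; the repository installation in 3.2 lets you read setup.sh before running it.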

bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"

3.2 Clone repository installation

After cloning the repository, execute the setup.sh script to install it.

git clone git@github.com:chaitin/safeline.git
cd safeline
bash ./setup.sh

3.3 The installation is successful

The whole installation process is very friendly to novices: the prompts are in Chinese, Docker is installed automatically if it is missing, and so on. Just follow the prompts all the way through.

  ____             __          _       _
 / ___|    __ _   / _|   ___  | |     (_)  _ __     ___
 \___ \   / _` | | |_   / _ \ | |     | | | '_ \   / _ \
  ___) | | (_| | |  _| |  __/ | |___  | | | | | | |  __/
 |____/   \__,_| |_|    \___| |_____| |_| |_| |_|  \___|

[SafeLine] 脚本调用方式确认正常
[SafeLine] 缺少 Docker 环境
[SafeLine] 是否需要自动安装 Docker (Y/n)
# Executing docker install script, commit: xxx
...
[SafeLine] 雷池安装目录 (留空则为 '/data/safeline'):
[SafeLine] 目录 '/data/safeline' 当前剩余存储空间为 47G ,雷池至少需要 5G,是否确定 (Y/n)
[SafeLine] 创建安装目录 '/data/safeline' 成功
...
[SafeLine] 雷池 WAF 社区版安装成功,请访问以下地址访问控制台
[SafeLine] https://0.0.0.0:9443/  # 安装成功

After the installation is complete, follow the prompt and open the local web service port to start using it.

4. Working principle

The following introduces the working principle of Leichi through a simple WAF deployment architecture diagram.

The figure below shows a simple website topology, where requests from external users reach the website server over the network.

If one of the external users is malicious, the attack requests that user sends will also reach the website server over the network.

Leichi is deployed as a reverse proxy: it receives traffic before the website server does, detects and cleans attack behavior in that traffic, and forwards the cleaned traffic to the website server.

In this way, malicious requests are filtered out before they reach the website server, which ultimately ensures that external attack traffic cannot reach it.

5. Core capabilities

Leichi is a website firewall with both looks and substance. It not only has a good-looking interface, but also has powerful website security protection functions.

5.1 Protection against web attacks, CC attacks, and crawlers

Leichi's web attack detection capability is driven by semantic analysis algorithms. Unlike general semantic analysis, Leichi's automaton engine, yanshi, can support fragment syntax analysis: it automatically and recursively decodes HTTP request parameters, extracts attack fragments from them, uses an attack scoring model to identify attack code in the parameters, and finally determines whether the HTTP request is a malicious attack. It can protect against common attacks, and it can also generalize to recognize attack variants, which lets it detect 0-day attacks without rules.

Leichi integrates human-machine verification algorithms based on malicious IP intelligence, client fingerprints, mouse and keyboard behavior recognition, and access frequency limiting, which can be used to fight crawlers, scans, and CC attacks.
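The decode-then-score flow described above, as an added illustration (not SafeLine's code or its yanshi engine): a parameter value is recursively decoded and each decoded form is scored. The regex patterns, weights, threshold and sample values are constructed assumptions that stand in for a real semantic scoring model.

```python
import base64
import binascii
import html
import re
from urllib.parse import unquote_plus

# Constructed (pattern, weight) pairs: a regex stand-in for a real scoring model.
PATTERNS = [
    (re.compile(r"(?i)\bunion\b.+\bselect\b"), 5),
    (re.compile(r"(?i)'\s*or\s+\d+\s*=\s*\d+"), 5),
    (re.compile(r"(?i)<script\b"), 5),
    (re.compile(r"(?i)\bon\w+\s*="), 3),
    (re.compile(r"\.\./"), 3),
]
THRESHOLD = 5   # assumed cut-off for "malicious"
MAX_DEPTH = 5   # bound the recursion so nested encodings cannot loop forever

def _b64(value):
    """Return the decoded text if value is base64 of printable UTF-8, else None."""
    if len(value) < 8 or len(value) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def decode_layers(value):
    """Peel base64, URL and HTML-entity encoding until nothing changes."""
    forms = [value]
    for _ in range(MAX_DEPTH):
        cur = forms[-1]
        nxt = _b64(cur) or html.unescape(unquote_plus(cur))
        if nxt == cur:
            break
        forms.append(nxt)
    return forms

def score(value):
    """Score every decoded form and keep the worst one."""
    return max(sum(w for p, w in PATTERNS if p.search(f)) for f in decode_layers(value))

def is_malicious(value):
    return score(value) >= THRESHOLD

# Constructed sample parameter values: benign, double URL-encoded, base64-wrapped.
SAMPLES = ["laptop+stand", "1%2527%2520OR%25201%253D1",
           "PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{score(s):>2} {decode_layers(s)[-1]!r}")
```

Scoring every intermediate form, not only the final one, means a payload is caught at whichever decoding depth the backend would actually interpret it.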

5.2 Web traffic access control

Leichi supports configuring website access control blacklists and whitelists through a visual page, with matching conditions such as source IP, path, domain name, Header, and Body.

5.3 Website resource identification

Leichi automatically identifies web resources from HTTP traffic and continuously builds statistical API profiles from it. It uses dynamic baselines and predictive analysis to analyze abnormal access behavior, accurately identifying attacks in which the operation looks normal but the request is abnormal, and picking out abnormal traffic from normal behavior.

6. Finally

Leichi is an open source website firewall that Chaitin Technology has spent nearly 10 years building. It works out of the box, offers enterprise-grade protection capabilities, and delivers high performance.

  • Out of the box: only one command is required for installation, and the interface is simple and easy to operate.

  • Powerful functions: The first semantic-analysis-driven web attack detection algorithm, plus support for advanced protection capabilities otherwise available only in enterprise-level products, such as IP threat intelligence, dynamic frequency limiting, and intelligent modeling.

  • High performance: The attack detection capability is added on top of Nginx, easily supporting 10,000+ TPS traffic, and the delay caused by attack detection is at the level of 1 millisecond.

If you like Leichi after trying it, give it a Star✨!

GitHub address: https://github.com/chaitin/safeline


Origin my.oschina.net/HelloGitHub/blog/10108134