SafeLine WAF

Kosta

Hello, I read some interesting stuff regarding SafeLineWAF.
I see it’s requires Docker but I wonder would it be a good Feature added to Enhance to allow more easy management of security itself with WAF?
Thanks

webnestify

I would not use SafeLine. It's from China and who knows 😃 Rather Bunkerweb is amazing and made in EU 🙂 https://www.bunkerweb.io/

Kosta

webnestify thank you, I will have a try with both of them.

If anyone had some experience with them on production environments please share some feedback.
Thanks

Carrie

Kosta You can join the SafeLine Discord community to get real user feedback around the world.

JohnB

If you want Chinese backdoor risk in your production enviroment AAPanel is a great option and its free!

Kosta

JohnB what takes my attention with SafeLine WAF was the SSO and some table with results that showing better numbers than CF WAF and the free price. Soo am hoping to get some feedback from someone who had experience with SafeLine
Bunkerweb on other side it will cost some $$.

About Chinese software, well all the server components are Chinese.. and if they are good hackers - logically for me they should be good at security too 😂

Aapanel I was looking at it few months ago… it’s not related to this topic no idea why u mention it.

Carrie

JohnB aaPanel does offer free WAF feature, but once you try you’ll notice it relies on basic rule-based matching, leading to high FP and FN rates. It struggles to detect sophisticated attacks, has limited protection capabilities, rough rule management, and lacks detailed analytics.

JohnB

Kosta I mentioned it because Enhance is a secure platform. If you want a less secure platform like the one you'll get using a chinese WAF, just use aaPanel was my point. You don't buy an expensive steak just to put ketchup on it lol.

About Chinese software, well all the server components are Chinese

Litespeed was initially developed by a Chinese developer yes. However there is a big difference between software having Chinese developers (usually very good developers) and the company itself being based in China. Chinese companies answer to the Chinese government and love their backdoors.

Some will say its paranoia but huawei is a good example...

https://www.cnet.com/tech/mobile/us-finds-huawei-has-backdoor-access-to-mobile-networks-globally-report-says/

cPFence

Kosta and the free price

The SafeLine WAF free plan covers only 10 sites and has limited features. Just keep in mind the demo is running the PRO version, which goes for $100/month just for the WAF.

Kosta

JohnB I had huawei mate 10 pro amazing phone… but the Chinese government yeah… fbi got access to encrypted iPhone I think if I am not wrong…

cPFence yes my bad,
Any chance we to have some WAF panel by cpfence available to our customers eventually when/if later cpfence gets fully integrated with Enhance inside their dashboard..? Like SafeLine and bunkerweb etc.. with sso etc

cPFence

Kosta Any chance we to have some WAF panel by cpfence available to our customers eventually when/if later cpfence gets fully integrated with Enhance inside their dashboard..? Like SafeLine and bunkerweb etc.. with sso etc

Our plan is to add a simple panel for each website inside the Enhance user account once Enhance provides the needed framework. It’ll include protection stats, virus scanning, WAF info, and settings. For admins, we’ll have an auto-login button that takes them straight to the cPFence WebUI to manage the full cluster.

Kosta

cPFence sounds good

Carrie

Regarding concerns about the Chinese government and potential backdoors, I can’t speak for other products, but SafeLine has taken acctions to protect user privacy. First of all, it’s self-hosted, so all data stays within your own environment.

I believe you can find if your SafeLine instance is sending any data to servers in China.

On the SafeLine dashboard, you’ll find two data-related programs that are enabled by default: “Malicious IP” and the “User Experience Program.” If you don’t want any data to be sent back, you can simply uncheck them—this will stop all outbound data transmission.

Image description

If you’re using the free personal edition, you’ll notice that SafeLine has no external connections at all.

If you’re using the professional edition, the only external connection is to the official SafeLine License server, which is used solely to validate your license status.

Kosta

Carrie thank you