SafeLine

SafeLine

Website

Self-hosted WAF and reverse proxy for securing web apps

RepositoryWebsiteDemo
20.8kstars
1.3kforks
Last commit: 3mo ago
Repo age: 3y old
SafeLine screenshot

SafeLine is a self-hosted Web Application Firewall (WAF) that sits in front of web apps to filter and monitor HTTP/S traffic, protecting against common web attacks. It also functions as a reverse proxy with ML-powered threat detection and modular, policy-driven protection.

Key Features

  • Intelligent protection engine powered by machine learning with high detection rates and very low false positives
  • Bot protection with CAPTCHA challenges and anti-replay protection
  • HTTP Flood DDoS protection through intelligent traffic orchestration and rate limiting
  • Identity and Access Management for on-prem and cloud apps via standard protocols and flexible integration
  • Nginx-based reverse proxy architecture that shields web apps from the Internet

Use Cases

  • E-commerce & Payment Platforms: protects merchant sites with real-time bot detection and traffic analysis, aiming to maintain availability during peak periods
  • SaaS & Cloud Platforms: protects REST and GraphQL APIs from common web threats with ML-powered anomaly detection
  • Content & Media Services: guards against high-frequency attacks and content scraping, with geo-based access controls for copyright compliance

Conclusion

SafeLine is a production-ready, self-hosted WAF with a broad user base and open community. It provides enterprise-grade protection for web applications, APIs, and services through ML-powered threat detection and flexible deployment options.

Categories:

Network Security (VPN, Firewall, WAF)Threat Detection, SIEM & Incident Response

Tags:

# Application Firewall# Proxy# Security# Intrusion Prevention# Anti Bot# DDoS Mitigation# Policy As Code# WAF# Anti Abuse# Reverse Proxy

Tech Stack:

Nginx
Nginx
Docker
Docker
D
Docker Compose
Share:

Similar Services

Pi-hole

Pi-hole

Network-wide DNS sinkhole for ad and tracker blocking

55.9k
3k
Last commit: 8d ago

Pi-hole is a network-wide DNS sinkhole that blocks ads and trackers for all devices on your network, with a web dashboard, query logs, and optional DHCP server.

Alternative to:
AdGuard
AdGuard+7
Headscale

Headscale

Self-hosted control server for Tailscale-based WireGuard networks

35.8k
1.9k
Last commit: 5d ago

Headscale is an open source, self-hosted implementation of the Tailscale control server for managing a private tailnet, nodes, keys, IPs, and routes.

Alternative to:
Tailscale
Tailscale+9
AdGuard Home

AdGuard Home

Network-wide DNS server that blocks ads, trackers, phishing and malware

32.8k
2.3k
Last commit: 7h ago

Open-source DNS-based ad & tracker blocking server for networks. Offers per-device rules, parental controls, encrypted upstream DNS (DoH/DoT/DNSCrypt), web UI and API.

Alternative to:
AdGuard
AdGuard+5
Web-Check

Web-Check

All-in-one OSINT tool for analyzing any website.

32.1k
2.5k
Last commit: 25d ago

Comprehensive on-demand OSINT to analyze a website's security, architecture, and tech stack.

Alternative to:
Shodan
Shodan+8
wg-easy

wg-easy

WireGuard VPN server with a web-based admin interface

24.7k
2.4k
Last commit: 2d ago

Run a WireGuard VPN server with an easy web admin UI to manage clients, generate configs and QR codes, and monitor connections and traffic.

Alternative to:
Tailscale
Tailscale+14
NetBird

NetBird

WireGuard-based overlay network with SSO/MFA and granular access controls.

23.1k
1.1k
Last commit: 1d ago

Open-source zero-trust networking platform delivering a WireGuard-based private network with centralized access control, SSO/MFA, and cross-platform clients.

Alternative to:
Tailscale
Tailscale+17