admin/SafeLine
1
0
Fork 0
mirror of https://github.com/chaitin/SafeLine.git synced 2026-01-31 13:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

修改 readme

Browse Source
This commit is contained in:
Monster
2023-06-25 18:18:38 +08:00
parent d0a1620f57
commit dee5019888
3 changed files with 183 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
README.md
View File

@@ -1,8 +1,7 @@
<p align="center">
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_logo.png" width="120">
<img src="https://waf-ce.chaitin.cn/images/403.svg" width="120">
</p>
<h1 align="center">SafeLine Community Edition</h1>
<h3 align="center">Keep hackers at bay</h3>
<h1 align="center">长亭雷池 WAF 社区版</h1>
<br>
<p align="center">
<img src="https://img.shields.io/badge/SafeLine-BEST_WAF-blue">
@@ -12,101 +11,109 @@
<img src="https://img.shields.io/github/stars/chaitin/safeline?style=social">
</p>
<p align="center"> <a href="https://waf-ce.chaitin.cn/">Official Website</a> </p>
<p align="center"> English | <a href="README_CN.md">中文文档</a> </p>
<p align="center">
<a href="https://waf-ce.chaitin.cn/">官方网站</a> |
<a href="https://waf-ce.chaitin.cn/posts/guide_introduction">技术文档</a> |
<a href="README_EN.md">For English</a>
</p>
A simple and easy to use WAF tool. Built on [Chaitin Technology](https://www.chaitin.cn/en/)'s ace 🤖Intelligent Semantic Analysis algorithm🤖, designed for the community.
<h3 align="center">相关源码仓库</h3>
<p align="center">
<a href="https://github.com/chaitin/yanshi">语义分析自动机引擎</a> |
<a href="https://github.com/chaitin/safeline-open-platform">流量分析插件</a> |
<a href="https://github.com/chaitin/lua-resty-t1k">T1K 协议</a> |
<a href="https://github.com/chaitin/blazehttp">测试工具</a>
</p>
## ✨ Demo
一款足够简单、足够好用、足够强的免费 WAF。
### 🔥🔥🔥 Online Demo: https://demo.waf-ce.chaitin.cn:9443/
耗时近 10 年,长亭科技倾情打造,核心检测能力由智能语义分析算法驱动,专为社区而生,不让黑客越雷池半步。
There is a simple http server, listened on `http://127.0.0.1:8889`, can be used as for testing.
<img src="https://waf-ce.chaitin.cn/images/album/0.png" />
![](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_detect_log.gif)
## 产品特性
![](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_website.gif)
#### 便捷性
## 🚀 Installation
采用容器化部署一条命令即可完成安装0 成本上手。安全配置开箱即用,无需人工维护,可实现安全躺平式管理。
### 1. Make sure [Docker](https://docs.docker.com/engine/install/) and [Compose V2](https://docs.docker.com/compose/install/) are installed correctly on the machine
```shell
docker info # >= 20.10.6
docker compose version # >= 2.0.0
#### 安全性
首创业内领先的智能语义分析算法,精准检测、低误报、难绕过。语义分析算法无规则,面对未知特征的 0day 攻击不再手足无措。
#### 高性能
无规则引擎,线性安全检测算法,平均请求检测延迟在 1 毫秒级别。并发能力强,单核轻松检测 2000+ TPS只要硬件足够强可支撑的流量规模无上限。
#### 高可用
流量处理引擎基于 Nginx 开发,性能与稳定性均可得到保障。内置完善的健康检查机制,服务可用性高达 99.99%。
## 🚀 安装
### 配置需求
- 操作系统Linux
- 指令架构x86_64
- 软件依赖Docker 20.10.6 版本以上
- 软件依赖Docker Compose 2.0.0 版本以上
- 最小化环境1 核 CPU / 1 GB 内存 / 10 GB 磁盘
### 创建安装目录
```
mkdir -p safeline # 创建 safeline 目录
cd safeline # 进入 safeline 目录
```
### 2. Setup and deploy
### 一键安装
```shell
mkdir -p safeline && cd safeline
# setup
curl -kfLsS https://waf-ce.chaitin.cn/release/latest/setup.sh | bash
# launch
sudo docker compose up -d
```
curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh | bash
```
#### Upgrade
> 更多安装方式请参考 <a href="https://waf-ce.chaitin.cn/posts/guide_install">安装雷池</a>
**WARN: SafeLine will be restarted and your traffic will be unavailable for a short period of time. You may need to choose a proper time for upgration.**
### 启动
```shell
curl -kfLsS https://waf-ce.chaitin.cn/release/latest/upgrade.sh | bash
# delete the old used image layers if necessary.
docker rmi $(docker images | grep "safeline" | grep "none" | awk '{print $3}')
```
docker compose up -d
```
## 🕹️ Quick Start
## 🕹️ 快速使用
### 1. Login
### 登录
Open admin page `https://<waf-ip>:9443` and scan qrcode with any authenticator Apps that support TOTP, enter the code to login.
浏览器打开后台管理页面 `https://<waf-ip>:9443`。根据界面提示,使用 **支持 TOTP 的认证软件** 扫描二维码,然后输入动态口令登录:
![safeline_login.gif](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_login.gif)
### 2. Create website
### 配置防护站点
雷池以反向代理方式接入,优先于网站服务器接收流量,对流量中的攻击行为进行检测和清洗,将清洗过后的流量转发给网站服务器。
![safeline_website.gif](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_website.gif)
<font color=grey>💡 TIPS: After creating websiteexecute `curl -H "Host: <Domain>" http://<WAF IP>:<Port>` to check if you can get correct response from web server.</font>
<font color=grey>💡 TIPS: 添加后,执行 `curl -H "Host: <域名>" http://<WAF IP>:<端口>` 应能获取到业务网站的响应。</font>
### 3. Deploy your website to SafeLine
### 测试效果
- If your website is hosted by DNS, just modify your DNS record to WAF
- If your website is behind any reverse-proxy like nginx, you can modify your nginx conf and set upstream to WAF
使用以下方式尝试模拟黑客攻击,看看雷池的防护效果如何
### 4. Protected!👌
- 浏览器访问 `http://<IP或域名>:<端口>/?id=1%20AND%201=1`
- 浏览器访问 `http://<IP或域名>:<端口>/?a=<script>alert(1)</script>`
Try these:
> 如果你需要进行深度测试,请参考 <a href="https://waf-ce.chaitin.cn/posts/guide_test">测试防护效果</a>
- `http://<IP or Domain>:<Port>/webshell.php`
- `http://<IP or Domain>:<Port>/?id=1%20AND%201=1`
- `http://<IP or Domain>:<Port>/?a=<script>alert(1)</script>`
## 🏘️ 联系我们
## 📖 FAQ
Please refer to our [FAQ](FAQ.md) first if you have any questions.
For examples:
- [docker compose or docker-compose?](FAQ.md#docker-compose-or-docker-compose)
- [website configurations](FAQ.md#站点配置问题)
- [website not working / not correctly response](FAQ.md#配置完成之后还是没有成功访问到上游服务器)
## 🏘️ Contact Us
1. You can make bug feedback and feature suggestions directly through GitHub Issues.
2. By scanning the QR code below (use wechat or qq), you can join the discussion group of SafeLine users for detailed discussions.
1. 可以通过 GitHub Issue 直接进行 Bug 反馈和功能建议
2. 可以扫描下方二维码加入雷池社区版用户讨论群
<img src="https://waf-ce.chaitin.cn/images/wechat-light.png" width="30%" />
## ✨ CTStack
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/CT%20Stack-2.png" width="30%" />
SafeLine has already joined [CTStack](https://stack.chaitin.com/tool/detail?id=717) community.
## Star History <a name="star-history"></a>
<a href="https://github.com/chaitin/safeline/stargazers">
<img width="500" alt="Star History Chart" src="https://api.star-history.com/svg?repos=chaitin/safeline&type=Date">
</a>
<img width="500" alt="Star History Chart" src="https://api.star-history.com/svg?repos=chaitin/safeline&type=Date">
</a>

145
README_CN.md
View File

@@ -1,145 +0,0 @@
<p align="center">
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_logo.png" width="120">
</p>
<h1 align="center">雷池 SafeLine 社区版</h1>
<h3 align="center">不让黑客越雷池半步</h3>
<br>
<p align="center">
<img src="https://img.shields.io/badge/SafeLine-BEST_WAF-blue">
<img src="https://img.shields.io/github/release/chaitin/safeline.svg?color=blue" />
<img src="https://img.shields.io/github/release-date/chaitin/safeline.svg?color=blue&label=update" />
<img src="https://img.shields.io/docker/v/chaitin/safeline-mgt-api?color=blue">
<img src="https://img.shields.io/github/stars/chaitin/safeline?style=social">
</p>
<p align="center"> <a href="https://waf-ce.chaitin.cn/">官方网站</a> </p>
<p align="center"> 中文文档 | <a href="README.md">English</a> </p>
一款简单、好用的 WAF 工具。基于[长亭科技](https://www.chaitin.cn)王牌的 🤖️智能语义分析算法🤖️ 打造,专为社区设计。
## ✨ Demo
### 🔥🔥🔥 体验地址https://demo.waf-ce.chaitin.cn:9443/
有一台运行在环境上 `http://127.0.0.1:8889` 的服务可以作为上游服务器测试使用。
![](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_detect_log.gif)
![](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_website.gif)
## 🚀 安装
### 1. 确保机器上正确安装 [Docker](https://docs.docker.com/engine/install/) 和 [Compose V2](https://docs.docker.com/compose/install/)
```shell
docker info # >= 20.10.6
docker compose version # >= 2.0.0
```
### 2. 部署安装
```shell
mkdir -p safeline && cd safeline
# 下载并执行 setup
curl -kfLsS https://waf-ce.chaitin.cn/release/latest/setup.sh | bash
# 运行
sudo docker compose up -d
```
#### 升级
##### 自动一键更新
**WARN: 雷池 SafeLine 服务会重启,流量会中断一小段时间,根据业务情况选择合适的时间来执行升级操作。**
```shell
# 请到 compose.yaml 同级目录下执行下面脚本
curl -kfLsS https://waf-ce.chaitin.cn/release/latest/upgrade.sh | bash
# 如果有需要,可以手动删除旧版本镜像
docker rmi $(docker images | grep "safeline" | grep "none" | awk '{print $3}')
```
**有部分环境的默认 SafeLine 安装路径是在 `/data/safeline-ce`,安装之后可能会发现需要重新绑定 OTP、配置丢失等情况可以修改 .env 的 `SAFELINE_DIR` 变量,指向 `/data/safeline-ce`**
##### 手动更新镜像
**适用于 docker hub 拉取镜像失败的场景,手动更新镜像,注意还是要执行 `upgrade.sh` 来处理 `.env` 的更新,否则有可能会因为缺少参数而启动失败。**
###### 1. 在一台能够从 docker hub 拉取镜像的机器上执行
```shell
# 拉取镜像
docker pull chaitin/safeline-tengine:latest
docker pull chaitin/safeline-mgt-api:latest
docker pull chaitin/safeline-mario:latest
docker pull chaitin/safeline-detector:latest
docker pull postgres:15.2
docker pull redis:7.0.11
# 打包镜像
docker save -o image.tar chaitin/safeline-tengine:latest chaitin/safeline-mgt-api:latest chaitin/safeline-mario:latest chaitin/safeline-detector:latest postgres:15.2 redis:7.0.11
# 传输到 SafeLine 要部署的目标服务器
# scp image.tar <target-server>:/root/
```
###### 2. 在目标服务器 load 镜像
```shell
docker load -i image.tar
curl -kfLsS https://waf-ce.chaitin.cn/release/latest/upgrade.sh | bash
```
## 🕹️ 快速使用
### 1. 登录
浏览器打开后台管理页面 `https://<waf-ip>:9443`。根据界面提示,使用 **支持 TOTP 的认证软件** 扫描二维码,然后输入动态口令登录:
![safeline_login.gif](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_login.gif)
### 2. 添加站点
![safeline_website.gif](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_website.gif)
<font color=grey>💡 TIPS: 添加后,执行 `curl -H "Host: <域名>" http://<WAF IP>:<端口>` 应能获取到业务网站的响应。</font>
### 3. 将网站流量切到雷池
- 若网站通过域名访问,则可将域名的 DNS 解析指向雷池所在设备
- 若网站前有 nginx 、负载均衡等代理设备,则可将雷池部署在代理设备和业务服务器之间,然后将代理设备的 upstream 指向雷池
### 4. 开始防护👌
试试这些攻击方式:
- 浏览器访问 `http://<IP或域名>:<端口>/webshell.php`
- 浏览器访问 `http://<IP或域名>:<端口>/?id=1%20AND%201=1`
- 浏览器访问 `http://<IP或域名>:<端口>/?a=<script>alert(1)</script>`
## 📖 FAQ
有任何问题请先查阅我们的 [FAQ 文档](FAQ.md)。
比如:
- [docker compose or docker-compose?](FAQ.md#docker-compose-还是-docker-compose)
- [站点如何配置](FAQ.md#站点配置问题)
- [配置完成之后,还是没有成功访问到上游服务器](FAQ.md#配置完成之后还是没有成功访问到上游服务器)
## 🏘️ 联系我们
1. 您可以通过 GitHub Issue 直接进行 Bug 反馈和功能建议。
2. 扫描下方二维码可以加入雷池社区版用户讨论群进行详细讨论
<img src="https://waf-ce.chaitin.cn/images/wechat-light.png" width="30%" />
## ✨ CTStack
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/CT%20Stack-2.png" width="30%" />
雷池 SafeLine 现已加入 [CTStack](https://stack.chaitin.com/tool/detail?id=717) 社区
## Star History <a name="star-history"></a>
<a href="https://github.com/chaitin/safeline/stargazers">
<img width="500" alt="Star History Chart" src="https://api.star-history.com/svg?repos=chaitin/safeline&type=Date">
</a>

112
README_EN.md Normal file
View File

@@ -0,0 +1,112 @@
<p align="center">
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_logo.png" width="120">
</p>
<h1 align="center">SafeLine Community Edition</h1>
<h3 align="center">Keep hackers at bay</h3>
<br>
<p align="center">
<img src="https://img.shields.io/badge/SafeLine-BEST_WAF-blue">
<img src="https://img.shields.io/github/release/chaitin/safeline.svg?color=blue" />
<img src="https://img.shields.io/github/release-date/chaitin/safeline.svg?color=blue&label=update" />
<img src="https://img.shields.io/docker/v/chaitin/safeline-mgt-api?color=blue">
<img src="https://img.shields.io/github/stars/chaitin/safeline?style=social">
</p>
<p align="center"> <a href="https://waf-ce.chaitin.cn/">Official Website</a> </p>
<p align="center"> English | <a href="README_CN.md">中文文档</a> </p>
A simple and easy to use WAF tool. Built on [Chaitin Technology](https://www.chaitin.cn/en/)'s ace 🤖Intelligent Semantic Analysis algorithm🤖, designed for the community.
## ✨ Demo
### 🔥🔥🔥 Online Demo: https://demo.waf-ce.chaitin.cn:9443/
There is a simple http server, listened on `http://127.0.0.1:8889`, can be used as for testing.
![](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_detect_log.gif)
![](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_website.gif)
## 🚀 Installation
### 1. Make sure [Docker](https://docs.docker.com/engine/install/) and [Compose V2](https://docs.docker.com/compose/install/) are installed correctly on the machine
```shell
docker info # >= 20.10.6
docker compose version # >= 2.0.0
```
### 2. Setup and deploy
```shell
mkdir -p safeline && cd safeline
# setup
curl -kfLsS https://waf-ce.chaitin.cn/release/latest/setup.sh | bash
# launch
sudo docker compose up -d
```
#### Upgrade
**WARN: SafeLine will be restarted and your traffic will be unavailable for a short period of time. You may need to choose a proper time for upgration.**
```shell
curl -kfLsS https://waf-ce.chaitin.cn/release/latest/upgrade.sh | bash
# delete the old used image layers if necessary.
docker rmi $(docker images | grep "safeline" | grep "none" | awk '{print $3}')
```
## 🕹️ Quick Start
### 1. Login
Open admin page `https://<waf-ip>:9443` and scan qrcode with any authenticator Apps that support TOTP, enter the code to login.
![safeline_login.gif](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_login.gif)
### 2. Create website
![safeline_website.gif](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_website.gif)
<font color=grey>💡 TIPS: After creating websiteexecute `curl -H "Host: <Domain>" http://<WAF IP>:<Port>` to check if you can get correct response from web server.</font>
### 3. Deploy your website to SafeLine
- If your website is hosted by DNS, just modify your DNS record to WAF
- If your website is behind any reverse-proxy like nginx, you can modify your nginx conf and set upstream to WAF
### 4. Protected!👌
Try these:
- `http://<IP or Domain>:<Port>/webshell.php`
- `http://<IP or Domain>:<Port>/?id=1%20AND%201=1`
- `http://<IP or Domain>:<Port>/?a=<script>alert(1)</script>`
## 📖 FAQ
Please refer to our [FAQ](FAQ.md) first if you have any questions.
For examples:
- [docker compose or docker-compose?](FAQ.md#docker-compose-or-docker-compose)
- [website configurations](FAQ.md#站点配置问题)
- [website not working / not correctly response](FAQ.md#配置完成之后还是没有成功访问到上游服务器)
## 🏘️ Contact Us
1. You can make bug feedback and feature suggestions directly through GitHub Issues.
2. By scanning the QR code below (use wechat or qq), you can join the discussion group of SafeLine users for detailed discussions.
<img src="https://waf-ce.chaitin.cn/images/wechat-light.png" width="30%" />
## ✨ CTStack
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/CT%20Stack-2.png" width="30%" />
SafeLine has already joined [CTStack](https://stack.chaitin.com/tool/detail?id=717) community.
## Star History <a name="star-history"></a>
<a href="https://github.com/chaitin/safeline/stargazers">
<img width="500" alt="Star History Chart" src="https://api.star-history.com/svg?repos=chaitin/safeline&type=Date">
</a>