But I tried and it did work well and I got positive results after a pen test. Every software collect data. Telemetry is very often used to understand usage patterns.
3:10 - it looks interesting but combining Chinese software with something that can read encrypted packets is a bit too much for me. Great review though and thanks for sharing it
Been looking for a decent WAF for awhile. Sophos is a pain and crowdsec isn't much better. I appreciate the transparency on the origin, i wont be testing this out because of the origin but its nice to see other options coming out that might get support going for other projects.
just saw dbtech’s video on this. i did not know this application phones back home to china and collects your data without your consent but they since disclosed this recently. i was already not a fan of the paywall features and now this, this is a hard pass for me
Thanks for replying. I'll contact them and see if they are willing to disclose the facts. This is likely the nail in the coffin for most people (rightfully so!).
*Contemplating on setting up WAF for external services*....Jim's Garage "Should You Switch? Deployment Guide and Initial Thought"............. 3:10 ...glad to know.
@@altimeterlabs sure, a VM has an isolated kernel (more secure albeit LXC should be sufficient). I also prefer a VM as there's no dependency on the underlying OS (it will run on anything KVM).
@@Jims-Garage I,m with you on this one, I do the exact same. Although, I have a lot of CPU cores and RAM and electricity is dirt cheap where I live. So if those were issues I might've considered LXCs a lot more
I have Nginx configured as a reverse proxy for my web applications, and I'm now trying to integrate SafeLine into this setup. I’ve set port 80 to forward to SafeLine, and then configured Nginx to route traffic to SafeLine on port 9443. In theory, this setup should work, but I keep running into a certificate error. Any ideas on what might be causing this?
Great video as always ! The chinese factor being a problem, Bunkerweb seems to be a good (French) alternative from what I saw. Maybe you could give it a try to do a WAF comparison ?
Looks like a great app, the UI is pretty nice (-light theme), ,bit bummed of the elephant in the room. I wonder if there is anything similar (ui wise) to this
Honestly, I tried to move past the Chinese origin. However, seeing that it doesn't even default to IPv6 being on was the final nail in the coffin for me.
@@Carrie-f5b I can see that, but the fact that this is being offered as a WAF and it's not defaulting to IPv6 being on suggests that IPv6 is a secondary concern to (legacy) IPv4. In other words: Out of the box, it's only filtering on legacy traffic.
@@masterroot24 Tengine is host network and supports to filter IPv6 traffic by default. But if you mean accessing SafeLine Management Console with IPv6, that is port 9443, you need to enable IPv6 on docker.
I always thought WAF = wife approval factor
Haha! Very apt in the homelab space ! 😂 "Is the internet down again?"
Very interesting, thanks for your work with this video Jim!
@@Glatze603 you're welcome
Well I stopped at the elephant in the room @3:10
I can understand that, hence why I felt it was important to mention it.
@ very nice and thanks for the transparency.
and................im done here......
Thanks for the demo and info. Another great fantastic video Jim. Have a wonderful day
Glad you enjoyed it
Would love a video of more advanced crowdsec/traefik configuration.
Noted! I have been meaning to revisit for a while now
Same as well. I am building my homelab around these two products Traefik and Crowdsec and getting that data to show on Grafana will be great
This sounds like an intersting product right up until the throwawy line "they're based in China" Oh well onto the next.
BunkerWeb next (albeit checkout my CrowdSec video - it's probably the best option)
Thanks for the demo and info. Have a great day
Thanks, you too!
But I tried and it did work well and I got positive results after a pen test. Every software collect data. Telemetry is very often used to understand usage patterns.
3:10 - it looks interesting but combining Chinese software with something that can read encrypted packets is a bit too much for me. Great review though and thanks for sharing it
Very nice indeed! I wonder would this possibly replace traefik+crowdsec+ let's encrypt combo? 🤔
@@Sli3py it can, but you'll have to decide if you should
Been looking for a decent WAF for awhile. Sophos is a pain and crowdsec isn't much better. I appreciate the transparency on the origin, i wont be testing this out because of the origin but its nice to see other options coming out that might get support going for other projects.
just saw dbtech’s video on this. i did not know this application phones back home to china and collects your data without your consent but they since disclosed this recently. i was already not a fan of the paywall features and now this, this is a hard pass for me
Thanks for replying. I'll contact them and see if they are willing to disclose the facts. This is likely the nail in the coffin for most people (rightfully so!).
@@Jims-Garage they just recently published a disclaimer on their website but not at the time this video was uploaded
@romayojr ok, thanks
Subbed :)
@@crypto-city859 thanks 👍
if it wasn't $600 a year for basic free functionality you can get elsewhere i would've considered this.
*Contemplating on setting up WAF for external services*....Jim's Garage "Should You Switch? Deployment Guide and Initial Thought"............. 3:10 ...glad to know.
May I ask why you always use VMs as opposed to LXCs? A video on the pros / cons would be great!
@@altimeterlabs sure, a VM has an isolated kernel (more secure albeit LXC should be sufficient). I also prefer a VM as there's no dependency on the underlying OS (it will run on anything KVM).
@@Jims-Garage I,m with you on this one, I do the exact same. Although, I have a lot of CPU cores and RAM and electricity is dirt cheap where I live. So if those were issues I might've considered LXCs a lot more
I have Nginx configured as a reverse proxy for my web applications, and I'm now trying to integrate SafeLine into this setup. I’ve set port 80 to forward to SafeLine, and then configured Nginx to route traffic to SafeLine on port 9443. In theory, this setup should work, but I keep running into a certificate error. Any ideas on what might be causing this?
kindly compare it to Crowdsec waf
I already have a video on crowdsec (both docker and kubernetes) but it might be worth a refresh.
Great video as always ! The chinese factor being a problem, Bunkerweb seems to be a good (French) alternative from what I saw. Maybe you could give it a try to do a WAF comparison ?
Oui oui, I'll check that out. Thanks
Looks like a great app, the UI is pretty nice (-light theme), ,bit bummed of the elephant in the room. I wonder if there is anything similar (ui wise) to this
No Mainland China project....give up for this....
compare it to firewalla software / firewall
Thanks, I'm yet to test firewalla
Chinese, nope thx
Honestly, I tried to move past the Chinese origin. However, seeing that it doesn't even default to IPv6 being on was the final nail in the coffin for me.
That's a fair criticism.
If you enable IPv6 on docker, it actually supports.
@@Carrie-f5b I can see that, but the fact that this is being offered as a WAF and it's not defaulting to IPv6 being on suggests that IPv6 is a secondary concern to (legacy) IPv4. In other words: Out of the box, it's only filtering on legacy traffic.
@@masterroot24 Tengine is host network and supports to filter IPv6 traffic by default. But if you mean accessing SafeLine Management Console with IPv6, that is port 9443, you need to enable IPv6 on docker.
Please review BunkerWeb.
@@roehlaguila7930 I'll have a look
Thanks for the heads up, didn't know about this one, and will definitely check it out :)