But I tried and it did work well and I got positive results after a pen test. Every software collect data. Telemetry is very often used to understand usage patterns.
3:10 - it looks interesting but combining Chinese software with something that can read encrypted packets is a bit too much for me. Great review though and thanks for sharing it
Been looking for a decent WAF for awhile. Sophos is a pain and crowdsec isn't much better. I appreciate the transparency on the origin, i wont be testing this out because of the origin but its nice to see other options coming out that might get support going for other projects.
*Contemplating on setting up WAF for external services*....Jim's Garage "Should You Switch? Deployment Guide and Initial Thought"............. 3:10 ...glad to know.
I have Nginx configured as a reverse proxy for my web applications, and I'm now trying to integrate SafeLine into this setup. I’ve set port 80 to forward to SafeLine, and then configured Nginx to route traffic to SafeLine on port 9443. In theory, this setup should work, but I keep running into a certificate error. Any ideas on what might be causing this?
Great video as always ! The chinese factor being a problem, Bunkerweb seems to be a good (French) alternative from what I saw. Maybe you could give it a try to do a WAF comparison ?
@@altimeterlabs sure, a VM has an isolated kernel (more secure albeit LXC should be sufficient). I also prefer a VM as there's no dependency on the underlying OS (it will run on anything KVM).
@@Jims-Garage I,m with you on this one, I do the exact same. Although, I have a lot of CPU cores and RAM and electricity is dirt cheap where I live. So if those were issues I might've considered LXCs a lot more
Looks like a great app, the UI is pretty nice (-light theme), ,bit bummed of the elephant in the room. I wonder if there is anything similar (ui wise) to this
Honestly, I tried to move past the Chinese origin. However, seeing that it doesn't even default to IPv6 being on was the final nail in the coffin for me.
@@Carrie-f5b I can see that, but the fact that this is being offered as a WAF and it's not defaulting to IPv6 being on suggests that IPv6 is a secondary concern to (legacy) IPv4. In other words: Out of the box, it's only filtering on legacy traffic.
@@masterroot24 Tengine is host network and supports to filter IPv6 traffic by default. But if you mean accessing SafeLine Management Console with IPv6, that is port 9443, you need to enable IPv6 on docker.
![BRASIL vs. URUGUAY [1-1] | RESUMEN | ELIMINATORIAS SUDAMERICANAS | FECHA 12](http://i.ytimg.com/vi/-hWBAuxF1eY/mqdefault.jpg)
I always thought WAF = wife approval factor
Haha! Very apt in the homelab space ! 😂 "Is the internet down again?"
Well I stopped at the elephant in the room @3:10
I can understand that, hence why I felt it was important to mention it.
@ very nice and thanks for the transparency.
and................im done here......
But I tried and it did work well and I got positive results after a pen test. Every software collect data. Telemetry is very often used to understand usage patterns.
This sounds like an intersting product right up until the throwawy line "they're based in China" Oh well onto the next.
BunkerWeb next (albeit checkout my CrowdSec video - it's probably the best option)
Thanks for the demo and info. Another great fantastic video Jim. Have a wonderful day
Glad you enjoyed it
Would love a video of more advanced crowdsec/traefik configuration.
Noted! I have been meaning to revisit for a while now
Same as well. I am building my homelab around these two products Traefik and Crowdsec and getting that data to show on Grafana will be great
Very interesting, thanks for your work with this video Jim!
@@Glatze603 you're welcome
3:10 - it looks interesting but combining Chinese software with something that can read encrypted packets is a bit too much for me. Great review though and thanks for sharing it
Thanks for the demo and info. Have a great day
Thanks, you too!
Been looking for a decent WAF for awhile. Sophos is a pain and crowdsec isn't much better. I appreciate the transparency on the origin, i wont be testing this out because of the origin but its nice to see other options coming out that might get support going for other projects.
Very nice indeed! I wonder would this possibly replace traefik+crowdsec+ let's encrypt combo? 🤔
@@Sli3py it can, but you'll have to decide if you should
*Contemplating on setting up WAF for external services*....Jim's Garage "Should You Switch? Deployment Guide and Initial Thought"............. 3:10 ...glad to know.
I have Nginx configured as a reverse proxy for my web applications, and I'm now trying to integrate SafeLine into this setup. I’ve set port 80 to forward to SafeLine, and then configured Nginx to route traffic to SafeLine on port 9443. In theory, this setup should work, but I keep running into a certificate error. Any ideas on what might be causing this?
Great video as always ! The chinese factor being a problem, Bunkerweb seems to be a good (French) alternative from what I saw. Maybe you could give it a try to do a WAF comparison ?
Oui oui, I'll check that out. Thanks
May I ask why you always use VMs as opposed to LXCs? A video on the pros / cons would be great!
@@altimeterlabs sure, a VM has an isolated kernel (more secure albeit LXC should be sufficient). I also prefer a VM as there's no dependency on the underlying OS (it will run on anything KVM).
@@Jims-Garage I,m with you on this one, I do the exact same. Although, I have a lot of CPU cores and RAM and electricity is dirt cheap where I live. So if those were issues I might've considered LXCs a lot more
Looks like a great app, the UI is pretty nice (-light theme), ,bit bummed of the elephant in the room. I wonder if there is anything similar (ui wise) to this
kindly compare it to Crowdsec waf
I already have a video on crowdsec (both docker and kubernetes) but it might be worth a refresh.
Subbed :)
@@crypto-city859 thanks 👍
compare it to firewalla software / firewall
Thanks, I'm yet to test firewalla
No Mainland China project....give up for this....
Honestly, I tried to move past the Chinese origin. However, seeing that it doesn't even default to IPv6 being on was the final nail in the coffin for me.
That's a fair criticism.
If you enable IPv6 on docker, it actually supports.
@@Carrie-f5b I can see that, but the fact that this is being offered as a WAF and it's not defaulting to IPv6 being on suggests that IPv6 is a secondary concern to (legacy) IPv4. In other words: Out of the box, it's only filtering on legacy traffic.
@@masterroot24 Tengine is host network and supports to filter IPv6 traffic by default. But if you mean accessing SafeLine Management Console with IPv6, that is port 9443, you need to enable IPv6 on docker.
Chinese, nope thx
Please review BunkerWeb.
@@roehlaguila7930 I'll have a look
Thanks for the heads up, didn't know about this one, and will definitely check it out :)