I'll have to check it out! The popular option for homelab or other indie scale is to just use Cloudflare's free-tier setup, which includes WAF, but I see a privacy hole where Cloudflare needs to see your unencrypted HTTP traffic so that they can apply their WAF rules.
I've also been checking out CrowdSec. I appreciate its modular architecture but it definitely deviates away from the folks that just want to expose an HTTP service and get on with their lives. I've enjoyed the Caddy server for this reason, but yeah, not as secure-as-default when it comes to attacks a WAF would mitigate.
Thanks for the tip! At a glance, SafeLine looks very opaque... not clear why it starts up so many Docker containers and how they are built. I can appreciate that BunkerWeb illustrated its architecture a bit more with their docs and descriptive image names... E.g. `bunkerweb-scheduler` vs `safeline-luigi`