This content originally appeared on DEV Community and was authored by Sharon
Kong is a fast, cloud-native API gateway built to handle high-performance traffic routing, security, and observability for microservices. To further boost its security capabilities, you can integrate it with SafeLine WAF—a powerful open-source web application firewall.
In this guide, we’ll walk through how to install and configure the SafeLine plugin for Kong, test that it’s working, and block common attacks with ease.
Installing the SafeLine Plugin in Kong
Kong supports custom plugins written in Lua, which can be installed using LuaRocks. If you’ve installed Kong via the official package, luarocks should already be available on your system.
To install the SafeLine plugin:
luarocks install kong-safeline
Then, update your Kong configuration file (kong.conf) to enable the plugin:
plugins = bundled,safeline
This tells Kong to load both the default (bundled) plugins and the newly installed safeline plugin.
Finally, restart Kong to apply the changes:
kong restart
Configuring SafeLine for a Service
Once installed, you can enable the SafeLine plugin on specific services in Kong. You’ll need to pass in the SafeLine detector host and port (as set up in your SafeLine deployment):
curl -X POST http://localhost:8001/services/{service}/plugins \
--data "name=safeline" \
--data "config.safeline_host=<detector_host>" \
--data "config.safeline_port=<detector_port>"
Make sure to replace {service}, <detector_host>, and <detector_port> with your actual service name and SafeLine configuration.
Testing SafeLine WAF with Kong
You can verify the WAF integration by simulating a basic attack. For example, try sending a SQL injection-like request:
curl -X POST "http://localhost:8000?1=1%20and%202=2"
If everything is set up correctly, you should receive a response like this:
{
  "code": 403,
  "success": false,
  "message": "blocked by Chaitin SafeLine Web Application Firewall",
  "event_id": "8b41a021ea9541c89bb88f3773b4da24"
}
You can also log into the SafeLine dashboard to view detailed information about the blocked request, including payload, headers, and risk classification.
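A repeatable version of the check above, as an added example that is not part of the original post or the SafeLine plugin: it distinguishes a 403 produced by SafeLine from a 403 returned by something else, and from a gateway that is simply unreachable. The function names and the KONG_PROXY_URL variable are assumptions made for this example, and the sample body is constructed.

```shell
#!/bin/sh
# Added example, not part of the SafeLine plugin. Assumes a block response has
# the shape shown above: HTTP 403, the SafeLine message, and an event_id.

# classify_response STATUS BODY prints one of:
#   "blocked <event_id>"  403 produced by SafeLine
#   "denied-elsewhere"    403 from the upstream or another plugin
#   "unreachable"         curl could not connect (status 000)
#   "passed"              any other status
classify_response() {
    case $1 in
        000) echo "unreachable"; return 0 ;;
        403) ;;
        *)   echo "passed"; return 0 ;;
    esac
    case $2 in
        *"blocked by Chaitin SafeLine"*)
            # Extract event_id so the hit can be looked up in the dashboard.
            id=$(printf '%s\n' "$2" |
                sed -n 's/.*"event_id"[[:space:]]*:[[:space:]]*"\([0-9a-f]*\)".*/\1/p')
            echo "blocked ${id:-unknown}" ;;
        *)  echo "denied-elsewhere" ;;
    esac
}

# probe URL: send one POST and classify the reply (needs curl and a live gateway).
probe() {
    tmp=$(mktemp)
    code=$(curl -s -o "$tmp" -w '%{http_code}' -X POST "$1")
    classify_response "$code" "$(cat "$tmp")"
    rm -f "$tmp"
}

# smoke_test BASE_URL: the benign request must pass and the test request
# from this guide must be blocked by SafeLine specifically.
smoke_test() {
    benign=$(probe "$1/")
    attack=$(probe "$1/?1=1%20and%202=2")
    echo "benign: $benign"; echo "attack: $attack"
    [ "$benign" = "passed" ] || return 1
    case $attack in "blocked "*) return 0 ;; *) return 1 ;; esac
}

# KONG_PROXY_URL is a hypothetical variable name, e.g. http://localhost:8000
if [ -n "${KONG_PROXY_URL:-}" ]; then smoke_test "$KONG_PROXY_URL"; fi

# Constructed sample body, classified offline:
sample='{"code": 403, "success": false, "message": "blocked by Chaitin SafeLine Web Application Firewall", "event_id": "0123456789abcdef0123456789abcdef"}'
classify_response 403 "$sample"
```

With KONG_PROXY_URL unset the script only classifies the constructed sample; when it is set, a result of passed, unreachable or denied-elsewhere on the test request means the block did not come from SafeLine.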
Summary
By combining Kong Gateway and SafeLine WAF, you get the best of both worlds: modern, scalable API management with strong security controls.
This integration lets you:
- Block malicious traffic at the gateway level
- Monitor attacks through a centralized dashboard
- Improve your DevSecOps posture without rewriting applications
Whether you’re running internal APIs or exposing public endpoints, adding SafeLine to your Kong deployment is a smart move toward better security.