A Holistic Evaluation of the Safeline WAF: A Study on Performance Scalability and Defense Efficacy

A Web Application Firewall (WAF) is a critical component in securing modern Web Applications. However, its deployment often impacts system performance and latency, making a comprehensive evaluation of both performance and protection essential. This paper presents a holistic assessment of Safeline, a modern container-based WAF solution, through two primary investigations: performance scalability and defense efficacy against selected OWASP Top 10 (2021) categories. The experiments were conducted in a virtualized environment. Performance scalability analysis used load testing tools to measure throughput sustained under varying allocations of vCPU and RAM resources. The evaluation of defense efficacy used penetration testing tools to evaluate the protection capabilities of WAF against different attack categories, tested under both default and customized rule configurations. The results indicate that WAF performance scales significantly with the number of vCPUs, while RAM size has only a minor effect. The reverse proxy of Safeline was identified as the main bottleneck in normal traffic. Furthermore, a diminishing returns effect and a performance anomaly were observed in the 4-vCPU configuration. From a security perspective, the default rule set provided partial protection; full coverage of the tested selected OWASP Top 10 (2021) categories required additional custom rule configurations. This study highlights the trade-off between performance and security, emphasizing the importance of proper resource allocation, alongside tailored security rule adjustments. The findings provide practical guidance for system administrators and security practitioners in planning and deploying WAF solutions for optimal performance and protection.