chore: harden SSRF proxy configuration with strict defaults

- Block all private/internal networks by default to prevent SSRF attacks - Restrict ports to only HTTP (80) and HTTPS (443) - Deny all requests by default unless explicitly whitelisted - Add customization support via conf.d directory for local overrides - Provide example configurations for common use cases - Add CI/testing setup script to ensure tests pass with strict config - Update docker-compose files to support custom config mounting - Add comprehensive documentation with security warnings
2025-08-24 04:03:18 +08:00 · 2025-08-24 04:03:18 +08:00 · 1a49febc02
parent 9e2b6325f3
commit 1a49febc02
8 changed files with 65 additions and 6 deletions
--- a/.github/workflows/api-tests.yml
+++ b/.github/workflows/api-tests.yml
@ -80,6 +80,9 @@ jobs:
          cp docker/.env.example docker/.env
          cp docker/middleware.env.example docker/middleware.env

+      - name: Setup SSRF Proxy for Testing
+        run: sh docker/ssrf_proxy/setup-testing.sh
+
      - name: Expose Service Ports
        run: sh .github/workflows/expose_service_ports.sh

--- a/docker/docker-compose.middleware.yaml
+++ b/docker/docker-compose.middleware.yaml
@ -141,6 +141,7 @@ services:
    volumes:
      - ./ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
      - ./ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+      - ./ssrf_proxy/conf.d:/etc/squid/conf.d:ro
    entrypoint: [ "sh", "-c", "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
    env_file:
      - ./middleware.env
--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@ -811,6 +811,9 @@ services:
    volumes:
      - ./ssrf_proxy/squid.conf.template:/etc/squid/squid.conf.template
      - ./ssrf_proxy/docker-entrypoint.sh:/docker-entrypoint-mount.sh
+      # Optional: Mount custom config directory for additional rules
+      # Uncomment the line below and create conf.d directory with custom .conf files
+      # - ./ssrf_proxy/conf.d:/etc/squid/conf.d:ro
    entrypoint: [ 'sh', '-c', "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
    environment:
      # pls clearly modify the squid env vars to fit your network environment.
--- a/docker/ssrf_proxy/.gitignore
+++ b/docker/ssrf_proxy/.gitignore
@ -0,0 +1,2 @@
+# Ignore the conf.d directory that's created for testing/local overrides
+conf.d/
--- a/docker/ssrf_proxy/README.md
+++ b/docker/ssrf_proxy/README.md
@ -61,6 +61,7 @@ spec:

 The `conf.d.example/` directory contains example configurations:

+- **00-testing-environment.conf.example**: Configuration for CI/testing environments (NOT for production)
 - **10-allow-marketplace.conf.example**: Allow access to Dify marketplace
 - **20-allow-internal-services.conf.example**: Allow internal services (use with caution!)
 - **30-allow-external-domains.conf.example**: Allow specific external domains
--- a/docker/ssrf_proxy/conf.d.example/00-testing-environment.conf.example
+++ b/docker/ssrf_proxy/conf.d.example/00-testing-environment.conf.example
@ -0,0 +1,12 @@
+# Configuration for CI/Testing Environment
+# Copy this file to /etc/squid/conf.d/00-testing-environment.conf when running tests
+# WARNING: This configuration is ONLY for testing and should NOT be used in production
+
+# Allow access to sandbox service for integration tests
+acl sandbox_service dst sandbox
+http_access allow sandbox_service
+
+# Allow access to Docker internal networks for testing
+# This is needed when services communicate within Docker networks
+acl docker_internal dst 172.16.0.0/12
+http_access allow docker_internal
--- a/docker/ssrf_proxy/setup-testing.sh
+++ b/docker/ssrf_proxy/setup-testing.sh
@ -0,0 +1,29 @@
+#!/bin/bash
+# Setup script for SSRF proxy in testing/CI environments
+# This script creates the necessary configuration to allow sandbox access during tests
+
+echo "Setting up SSRF proxy for testing environment..."
+
+# Create conf.d directory if it doesn't exist
+mkdir -p "$(dirname "$0")/conf.d"
+
+# Copy testing configuration
+cat > "$(dirname "$0")/conf.d/00-testing-environment.conf" << 'EOF'
+# CI/Testing Environment Configuration
+# This configuration is automatically generated for testing
+# DO NOT USE IN PRODUCTION
+
+# Allow access to sandbox service for integration tests
+acl sandbox_service dst sandbox
+http_access allow sandbox_service
+
+# Allow access to Docker internal networks for testing
+acl docker_internal dst 172.16.0.0/12
+http_access allow docker_internal
+
+# Allow localhost connections for testing
+acl test_localhost dst 127.0.0.1 ::1
+http_access allow test_localhost
+EOF
+
+echo "SSRF proxy testing configuration created successfully."
--- a/docker/ssrf_proxy/squid.conf.template
+++ b/docker/ssrf_proxy/squid.conf.template
@ -25,7 +25,14 @@ acl Safe_ports port 80          # http
 acl Safe_ports port 443         # https
 acl CONNECT method CONNECT

-################################## Strict Default Rules ##################################
+################################## Access Control Rules ##################################
+# IMPORTANT: Order matters! First matching rule wins.
+
+# Special rule for reverse proxy port (sandbox access)
+# This must come FIRST to bypass other restrictions for sandbox connectivity
+acl reverse_proxy_port myport ${REVERSE_PROXY_PORT}
+http_access allow reverse_proxy_port
+
 # DENY access to all private/local networks - prevents SSRF attacks
 http_access deny private_networks

@ -39,7 +46,10 @@ http_access deny CONNECT !SSL_ports
 http_access allow localhost manager
 http_access deny manager

-# DENY all requests by default
+# Allow localhost to access services (needed for integration tests)
+acl localhost src 127.0.0.1/32 ::1
+http_access allow localhost
+
 # User overrides in /etc/squid/conf.d/*.conf should be placed here
 include /etc/squid/conf.d/*.conf

@ -64,12 +74,10 @@ refresh_pattern .		0	20%	4320
 # cache_peer <upstream_proxy_ip> parent 3128 0 no-query no-digest no-netdb-exchange default

 ################################## Reverse Proxy To Sandbox ##################################
+# This configuration allows the sandbox to be accessed through the reverse proxy
+# The reverse proxy port is separate from the main proxy port and has different rules
 http_port ${REVERSE_PROXY_PORT} accel vhost
 cache_peer ${SANDBOX_HOST} parent ${SANDBOX_PORT} 0 no-query originserver

-# Allow reverse proxy access from all sources (for sandbox connectivity)
-acl reverse_proxy_port myport ${REVERSE_PROXY_PORT}
-http_access allow reverse_proxy_port
-
 # Buffer size for file uploads
 client_request_buffer_max_size 100 MB