opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-04-07 16:57:59 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,010 Commits 445 Branches 169 Tags 662 MiB
621ede0f7b
Commit Graph

3 Commits

Author SHA1 Message Date
-LAN-
621ede0f7b
chore: allow marketplace access by default in SSRF proxy 
- Add marketplace.dify.ai to default allowed domains in squid.conf
- Remove separate marketplace configuration example as it's no longer needed
- Update documentation to reflect marketplace is allowed by default
 2025-09-01 13:45:08 +08:00
-LAN-
1a49febc02
chore: harden SSRF proxy configuration with strict defaults 
- Block all private/internal networks by default to prevent SSRF attacks
- Restrict ports to only HTTP (80) and HTTPS (443)
- Deny all requests by default unless explicitly whitelisted
- Add customization support via conf.d directory for local overrides
- Provide example configurations for common use cases
- Add CI/testing setup script to ensure tests pass with strict config
- Update docker-compose files to support custom config mounting
- Add comprehensive documentation with security warnings
 2025-09-01 13:45:07 +08:00
-LAN-
23c97ec7f7
chore: strengthen SSRF proxy default configuration 
- Block all private/internal networks by default to prevent SSRF attacks
- Restrict allowed ports to only HTTP (80) and HTTPS (443)
- Remove default domain allowlists (e.g., marketplace.dify.ai)
- Implement deny-all-by-default policy with explicit whitelisting
- Add example configuration files for common customization scenarios
- Provide comprehensive documentation for security configuration

Fixes #24392
 2025-09-01 13:45:07 +08:00