- Move docker/ssrf_proxy/conf.d/ ignore rule to root .gitignore
- Remove redundant docker/ssrf_proxy/.gitignore file
- Keep all gitignore rules in a single location for better maintainability
- Rename example configs to maintain sequential numbering (10, 20, 30)
- Update README to reflect new file numbering
- Keep testing config as 00 since it's a special case
- Add marketplace.dify.ai to default allowed domains in squid.conf
- Remove separate marketplace configuration example as it's no longer needed
- Update documentation to reflect marketplace is allowed by default
- Block all private/internal networks by default to prevent SSRF attacks
- Restrict ports to only HTTP (80) and HTTPS (443)
- Deny all requests by default unless explicitly whitelisted
- Add customization support via conf.d directory for local overrides
- Provide example configurations for common use cases
- Add CI/testing setup script to ensure tests pass with strict config
- Update docker-compose files to support custom config mounting
- Add comprehensive documentation with security warnings
- Block all private/internal networks by default to prevent SSRF attacks
- Restrict allowed ports to only HTTP (80) and HTTPS (443)
- Remove default domain allowlists (e.g., marketplace.dify.ai)
- Implement deny-all-by-default policy with explicit whitelisting
- Add example configuration files for common customization scenarios
- Provide comprehensive documentation for security configuration
Fixes#24392
autofix-ci[bot]