mirror of
https://github.com/langgenius/dify.git
synced 2026-03-24 15:57:55 +08:00
1a49febc02
- Block all private/internal networks by default to prevent SSRF attacks - Restrict ports to only HTTP (80) and HTTPS (443) - Deny all requests by default unless explicitly whitelisted - Add customization support via conf.d directory for local overrides - Provide example configurations for common use cases - Add CI/testing setup script to ensure tests pass with strict config - Update docker-compose files to support custom config mounting - Add comprehensive documentation with security warnings
12 lines
531 B
Plaintext
12 lines
531 B
Plaintext
# Configuration for CI/Testing Environment
|
|
# Copy this file to /etc/squid/conf.d/00-testing-environment.conf when running tests
|
|
# WARNING: This configuration is ONLY for testing and should NOT be used in production
|
|
|
|
# Allow access to sandbox service for integration tests
|
|
acl sandbox_service dst sandbox
|
|
http_access allow sandbox_service
|
|
|
|
# Allow access to Docker internal networks for testing
|
|
# This is needed when services communicate within Docker networks
|
|
acl docker_internal dst 172.16.0.0/12
|
|
http_access allow docker_internal |