| 1234567891011121314151617181920212223242526272829303132333435363738 |
- # Squid SSRF Proxy 配置模板
- # 用于 Dify 的 HTTP 请求代理,防止 SSRF 攻击
-
- # 端口
- http_port 3128
-
- # 访问控制
- acl SSL_ports port 443
- acl Safe_ports port 80
- acl Safe_ports port 443
- acl Safe_ports port 1025-65535
- acl CONNECT method CONNECT
-
- # 拒绝非安全端口
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
-
- # 允许 Dify 内部服务访问
- acl dify_services src 172.16.0.0/12 192.168.0.0/16 10.0.0.0/8
- http_access allow dify_services
-
- # 拒绝其他所有访问
- http_access deny all
-
- # 不显示 Squid 版本
- httpd_suppress_version_string on
-
- # 日志格式
- access_log /var/log/squid/access.log squid
- cache_log /var/log/squid/cache.log
-
- # 禁用缓存(仅作为代理使用)
- cache deny all
-
- # 连接超时
- connect_timeout 30 seconds
- read_timeout 60 seconds
- request_timeout 60 seconds
|
