huangzhenpc/new-api-oiss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement SSRF protection settings and update related references

Browse Source
This commit is contained in:
CaIon
2025-09-13 17:34:22 +08:00
parent 523ee96bff
commit c3f5478593
10 changed files with 727 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
web/src/i18n/locales/en.json
View File

@@ -2084,5 +2084,27 @@
"原价": "Original price",
"优惠": "Discount",
"折": "% off",
"节省": "Save"
"节省": "Save",
"代理设置": "Proxy Settings",
"更新Worker设置": "Update Worker Settings",
"SSRF防护设置": "SSRF Protection Settings",
"配置服务器端请求伪造(SSRF)防护,用于保护内网资源安全": "Configure Server-Side Request Forgery (SSRF) protection to secure internal network resources",
"SSRF防护详细说明": "SSRF protection prevents malicious users from using your server to access internal network resources. Configure whitelists for trusted domains/IPs and restrict allowed ports. Applies to file downloads, webhooks, and notifications.",
"启用SSRF防护推荐开启以保护服务器安全": "Enable SSRF Protection (Recommended for server security)",
"SSRF防护开关详细说明": "Master switch controls whether SSRF protection is enabled. When disabled, all SSRF checks are bypassed, allowing access to any URL. ⚠️ Only disable this feature in completely trusted environments.",
"允许访问私有IP地址127.0.0.1、192.168.x.x等内网地址": "Allow access to private IP addresses (127.0.0.1, 192.168.x.x and other internal addresses)",
"私有IP访问详细说明": "⚠️ Security Warning: Enabling this allows access to internal network resources (localhost, private networks). Only enable if you need to access internal services and understand the security implications.",
"域名白名单": "Domain Whitelist",
"支持通配符格式example.com, *.api.example.com": "Supports wildcard format, e.g.: example.com, *.api.example.com",
"域名白名单详细说明": "Whitelisted domains bypass all SSRF checks and are allowed direct access. Supports exact domains (example.com) or wildcards (*.api.example.com) for subdomains. When whitelist is empty, all domains go through SSRF validation.",
"输入域名后回车example.com": "Enter domain and press Enter, e.g.: example.com",
"IP白名单": "IP Whitelist",
"支持CIDR格式8.8.8.8, 192.168.1.0/24": "Supports CIDR format, e.g.: 8.8.8.8, 192.168.1.0/24",
"IP白名单详细说明": "Controls which IP addresses are allowed access. Use single IPs (8.8.8.8) or CIDR notation (192.168.1.0/24). Empty whitelist allows all IPs (subject to private IP settings), non-empty whitelist only allows listed IPs.",
"输入IP地址后回车8.8.8.8": "Enter IP address and press Enter, e.g.: 8.8.8.8",
"允许的端口": "Allowed Ports",
"支持单个端口和端口范围80, 443, 8000-8999": "Supports single ports and port ranges, e.g.: 80, 443, 8000-8999",
"端口配置详细说明": "Restrict external requests to specific ports. Use single ports (80, 443) or ranges (8000-8999). Empty list allows all ports. Default includes common web ports.",
"输入端口后回车80 或 8000-8999": "Enter port and press Enter, e.g.: 80 or 8000-8999",
"更新SSRF防护设置": "Update SSRF Protection Settings"
}

24
web/src/i18n/locales/zh.json
View File

@@ -9,5 +9,27 @@
"语言": "语言",
"展开侧边栏": "展开侧边栏",
"关闭侧边栏": "关闭侧边栏",
"注销成功!": "注销成功!"
"注销成功!": "注销成功!",
"代理设置": "代理设置",
"更新Worker设置": "更新Worker设置",
"SSRF防护设置": "SSRF防护设置",
"配置服务器端请求伪造(SSRF)防护,用于保护内网资源安全": "配置服务器端请求伪造(SSRF)防护,用于保护内网资源安全",
"SSRF防护详细说明": "SSRF防护可防止恶意用户利用您的服务器访问内网资源。您可以配置受信任域名/IP的白名单并限制允许的端口。适用于文件下载、Webhook回调和通知功能。",
"启用SSRF防护推荐开启以保护服务器安全": "启用SSRF防护推荐开启以保护服务器安全",
"SSRF防护开关详细说明": "总开关控制是否启用SSRF防护功能。关闭后将跳过所有SSRF检查允许访问任意URL。⚠ 仅在完全信任环境中关闭此功能。",
"允许访问私有IP地址127.0.0.1、192.168.x.x等内网地址": "允许访问私有IP地址127.0.0.1、192.168.x.x等内网地址",
"私有IP访问详细说明": "⚠️ 安全警告:启用此选项将允许访问内网资源(本地主机、私有网络)。仅在需要访问内部服务且了解安全风险的情况下启用。",
"域名白名单": "域名白名单",
"支持通配符格式example.com, *.api.example.com": "支持通配符格式example.com, *.api.example.com",
"域名白名单详细说明": "白名单中的域名将绕过所有SSRF检查直接允许访问。支持精确域名example.com或通配符*.api.example.com匹配子域名。白名单为空时所有域名都需要通过SSRF检查。",
"输入域名后回车example.com": "输入域名后回车example.com",
"IP白名单": "IP白名单",
"支持CIDR格式8.8.8.8, 192.168.1.0/24": "支持CIDR格式8.8.8.8, 192.168.1.0/24",
"IP白名单详细说明": "控制允许访问的IP地址。支持单个IP8.8.8.8或CIDR网段192.168.1.0/24。空白名单允许所有IP但仍受私有IP设置限制非空白名单仅允许列表中的IP访问。",
"输入IP地址后回车8.8.8.8": "输入IP地址后回车8.8.8.8",
"允许的端口": "允许的端口",
"支持单个端口和端口范围80, 443, 8000-8999": "支持单个端口和端口范围80, 443, 8000-8999",
"端口配置详细说明": "限制外部请求只能访问指定端口。支持单个端口80, 443或端口范围8000-8999。空列表允许所有端口。默认包含常用Web端口。",
"输入端口后回车80 或 8000-8999": "输入端口后回车80 或 8000-8999",
"更新SSRF防护设置": "更新SSRF防护设置"
}