mirror of
https://github.com/QuantumNous/new-api.git
synced 2026-03-30 09:55:01 +00:00
feat: add experimental IP filtering for domains and update related settings
This commit is contained in:
CaIon
@@ -16,8 +16,8 @@ type FetchSetting struct {
|
||||
var defaultFetchSetting = FetchSetting{
|
||||
EnableSSRFProtection: true, // 默认开启SSRF防护
|
||||
AllowPrivateIp: false,
|
||||
DomainFilterMode: true,
|
||||
IpFilterMode: true,
|
||||
DomainFilterMode: false,
|
||||
IpFilterMode: false,
|
||||
DomainList: []string{},
|
||||
IpList: []string{},
|
||||
AllowedPorts: []string{"80", "443", "8080", "8443"},
|
||||
|
||||
@@ -92,8 +92,8 @@ const SystemSetting = () => {
|
||||
// SSRF防护配置
|
||||
'fetch_setting.enable_ssrf_protection': true,
|
||||
'fetch_setting.allow_private_ip': '',
|
||||
'fetch_setting.domain_filter_mode': true, // true 白名单,false 黑名单
|
||||
'fetch_setting.ip_filter_mode': true, // true 白名单,false 黑名单
|
||||
'fetch_setting.domain_filter_mode': false, // true 白名单,false 黑名单
|
||||
'fetch_setting.ip_filter_mode': false, // true 白名单,false 黑名单
|
||||
'fetch_setting.domain_list': [],
|
||||
'fetch_setting.ip_list': [],
|
||||
'fetch_setting.allowed_ports': [],
|
||||
@@ -726,10 +726,10 @@ const SystemSetting = () => {
|
||||
style={{ marginTop: 16 }}
|
||||
>
|
||||
<Col xs={24} sm={24} md={24} lg={24} xl={24}>
|
||||
<Banner type='warning' description={t('此功能为实验性选项,域名可能解析到多个 IPv4/IPv6 地址,若开启,请确保 IP 过滤列表覆盖这些地址,否则可能导致访问失败。')} style={{ marginBottom: 8 }} />
|
||||
<Form.Checkbox
|
||||
field='fetch_setting.apply_ip_filter_for_domain'
|
||||
noLabel
|
||||
extraText={t('域名IP过滤详细说明')}
|
||||
onChange={(e) =>
|
||||
handleCheckboxChange('fetch_setting.apply_ip_filter_for_domain', e)
|
||||
}
|
||||
|
||||
@@ -2098,7 +2098,6 @@
|
||||
"支持通配符格式,如:example.com, *.api.example.com": "Supports wildcard format, e.g.: example.com, *.api.example.com",
|
||||
"域名白名单详细说明": "Whitelisted domains bypass all SSRF checks and are allowed direct access. Supports exact domains (example.com) or wildcards (*.api.example.com) for subdomains. When whitelist is empty, all domains go through SSRF validation.",
|
||||
"输入域名后回车,如:example.com": "Enter domain and press Enter, e.g.: example.com",
|
||||
"IP白名单": "IP Whitelist",
|
||||
"支持CIDR格式,如:8.8.8.8, 192.168.1.0/24": "Supports CIDR format, e.g.: 8.8.8.8, 192.168.1.0/24",
|
||||
"IP白名单详细说明": "Controls which IP addresses are allowed access. Use single IPs (8.8.8.8) or CIDR notation (192.168.1.0/24). Empty whitelist allows all IPs (subject to private IP settings), non-empty whitelist only allows listed IPs.",
|
||||
"输入IP地址后回车,如:8.8.8.8": "Enter IP address and press Enter, e.g.: 8.8.8.8",
|
||||
@@ -2106,5 +2105,10 @@
|
||||
"支持单个端口和端口范围,如:80, 443, 8000-8999": "Supports single ports and port ranges, e.g.: 80, 443, 8000-8999",
|
||||
"端口配置详细说明": "Restrict external requests to specific ports. Use single ports (80, 443) or ranges (8000-8999). Empty list allows all ports. Default includes common web ports.",
|
||||
"输入端口后回车,如:80 或 8000-8999": "Enter port and press Enter, e.g.: 80 or 8000-8999",
|
||||
"更新SSRF防护设置": "Update SSRF Protection Settings"
|
||||
"更新SSRF防护设置": "Update SSRF Protection Settings",
|
||||
"对域名启用 IP 过滤(实验性)": "Enable IP filtering for domains (experimental)",
|
||||
"域名IP过滤详细说明": "⚠️ This is an experimental option. A domain may resolve to multiple IPv4/IPv6 addresses. If enabled, ensure the IP filter list covers these addresses, otherwise access may fail.",
|
||||
"域名黑名单": "Domain Blacklist",
|
||||
"白名单": "Whitelist",
|
||||
"黑名单": "Blacklist"
|
||||
}
|
||||
|
||||
@@ -31,5 +31,6 @@
|
||||
"支持单个端口和端口范围,如:80, 443, 8000-8999": "支持单个端口和端口范围,如:80, 443, 8000-8999",
|
||||
"端口配置详细说明": "限制外部请求只能访问指定端口。支持单个端口(80, 443)或端口范围(8000-8999)。空列表允许所有端口。默认包含常用Web端口。",
|
||||
"输入端口后回车,如:80 或 8000-8999": "输入端口后回车,如:80 或 8000-8999",
|
||||
"更新SSRF防护设置": "更新SSRF防护设置"
|
||||
"更新SSRF防护设置": "更新SSRF防护设置",
|
||||
"域名IP过滤详细说明": "⚠️此功能为实验性选项,域名可能解析到多个 IPv4/IPv6 地址,若开启,请确保 IP 过滤列表覆盖这些地址,否则可能导致访问失败。"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user