diff --git a/setting/system_setting/fetch_setting.go b/setting/system_setting/fetch_setting.go
index 3c7f1e059..c41b930af 100644
--- a/setting/system_setting/fetch_setting.go
+++ b/setting/system_setting/fetch_setting.go
@@ -16,8 +16,8 @@ type FetchSetting struct {
var defaultFetchSetting = FetchSetting{
EnableSSRFProtection: true, // 默认开启SSRF防护
AllowPrivateIp: false,
- DomainFilterMode: true,
- IpFilterMode: true,
+ DomainFilterMode: false,
+ IpFilterMode: false,
DomainList: []string{},
IpList: []string{},
AllowedPorts: []string{"80", "443", "8080", "8443"},
diff --git a/web/src/components/settings/SystemSetting.jsx b/web/src/components/settings/SystemSetting.jsx
index 3218cdf07..f9a2c019d 100644
--- a/web/src/components/settings/SystemSetting.jsx
+++ b/web/src/components/settings/SystemSetting.jsx
@@ -92,8 +92,8 @@ const SystemSetting = () => {
// SSRF防护配置
'fetch_setting.enable_ssrf_protection': true,
'fetch_setting.allow_private_ip': '',
- 'fetch_setting.domain_filter_mode': true, // true 白名单,false 黑名单
- 'fetch_setting.ip_filter_mode': true, // true 白名单,false 黑名单
+ 'fetch_setting.domain_filter_mode': false, // true 白名单,false 黑名单
+ 'fetch_setting.ip_filter_mode': false, // true 白名单,false 黑名单
'fetch_setting.domain_list': [],
'fetch_setting.ip_list': [],
'fetch_setting.allowed_ports': [],
@@ -726,10 +726,10 @@ const SystemSetting = () => {
style={{ marginTop: 16 }}
>
-
handleCheckboxChange('fetch_setting.apply_ip_filter_for_domain', e)
}
diff --git a/web/src/i18n/locales/en.json b/web/src/i18n/locales/en.json
index 6759f53e8..0af06477a 100644
--- a/web/src/i18n/locales/en.json
+++ b/web/src/i18n/locales/en.json
@@ -2098,7 +2098,6 @@
"支持通配符格式,如:example.com, *.api.example.com": "Supports wildcard format, e.g.: example.com, *.api.example.com",
"域名白名单详细说明": "Whitelisted domains bypass all SSRF checks and are allowed direct access. Supports exact domains (example.com) or wildcards (*.api.example.com) for subdomains. When whitelist is empty, all domains go through SSRF validation.",
"输入域名后回车,如:example.com": "Enter domain and press Enter, e.g.: example.com",
- "IP白名单": "IP Whitelist",
"支持CIDR格式,如:8.8.8.8, 192.168.1.0/24": "Supports CIDR format, e.g.: 8.8.8.8, 192.168.1.0/24",
"IP白名单详细说明": "Controls which IP addresses are allowed access. Use single IPs (8.8.8.8) or CIDR notation (192.168.1.0/24). Empty whitelist allows all IPs (subject to private IP settings), non-empty whitelist only allows listed IPs.",
"输入IP地址后回车,如:8.8.8.8": "Enter IP address and press Enter, e.g.: 8.8.8.8",
@@ -2106,5 +2105,10 @@
"支持单个端口和端口范围,如:80, 443, 8000-8999": "Supports single ports and port ranges, e.g.: 80, 443, 8000-8999",
"端口配置详细说明": "Restrict external requests to specific ports. Use single ports (80, 443) or ranges (8000-8999). Empty list allows all ports. Default includes common web ports.",
"输入端口后回车,如:80 或 8000-8999": "Enter port and press Enter, e.g.: 80 or 8000-8999",
- "更新SSRF防护设置": "Update SSRF Protection Settings"
+ "更新SSRF防护设置": "Update SSRF Protection Settings",
+ "对域名启用 IP 过滤(实验性)": "Enable IP filtering for domains (experimental)",
+ "域名IP过滤详细说明": "⚠️ This is an experimental option. A domain may resolve to multiple IPv4/IPv6 addresses. If enabled, ensure the IP filter list covers these addresses, otherwise access may fail.",
+ "域名黑名单": "Domain Blacklist",
+ "白名单": "Whitelist",
+ "黑名单": "Blacklist"
}
diff --git a/web/src/i18n/locales/zh.json b/web/src/i18n/locales/zh.json
index 717770449..95fa06414 100644
--- a/web/src/i18n/locales/zh.json
+++ b/web/src/i18n/locales/zh.json
@@ -31,5 +31,6 @@
"支持单个端口和端口范围,如:80, 443, 8000-8999": "支持单个端口和端口范围,如:80, 443, 8000-8999",
"端口配置详细说明": "限制外部请求只能访问指定端口。支持单个端口(80, 443)或端口范围(8000-8999)。空列表允许所有端口。默认包含常用Web端口。",
"输入端口后回车,如:80 或 8000-8999": "输入端口后回车,如:80 或 8000-8999",
- "更新SSRF防护设置": "更新SSRF防护设置"
+ "更新SSRF防护设置": "更新SSRF防护设置",
+ "域名IP过滤详细说明": "⚠️此功能为实验性选项,域名可能解析到多个 IPv4/IPv6 地址,若开启,请确保 IP 过滤列表覆盖这些地址,否则可能导致访问失败。"
}