feat: ssrf (#86)

pull/87/head
Yeuoly 2024-05-13 13:49:49 +08:00 committed by GitHub
parent 139bea4e10
commit 0fb78068a3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 30 additions and 13 deletions

@ -158,12 +158,21 @@ VECTOR_STORE: weaviate
flask vdb-migrarte # or docker exec -it docker-api-1 flask vdb-migrarte
```
### 16. Why is SYS\_ADMIN permission needed?
### 16. Why is SSRF_PROXY needed?
You might noticed that the `SSRF_PROXY` environment variable is configured in the `docker-compose.yaml` file, this is because the local deployment version of Dify uses the `SSRF_PROXY` to prevent SSRF attacks. You can refer to [here](https://portswigger.net/web-security/ssrf) for more information about SSRF attacks.
#### Why does the sandbox service need SYS\_ADMIN permission?
In order to avoid unnecessary risks, we have configured a proxy for all services that may cause SSRF attacks, and force services such as Sandbox to only access the external network through the proxy, so as to ensure the security of your data and services, by default, this proxy will not intercept any local requests, but you can customize the behavior of the proxy by modifying the configuration file of `squid`.
The sandbox service is based on `Seccomp` for sandbox isolation, but also, Docker is based on `Seccomp` for resource isolation. In Docker, Linux Seccomp BPF is disabled by default, which prevents the use of `Seccomp` in containers, so SYS\_ADMIN permission is required to enable `Seccomp`.
#### How to customize the proxy behavior?
In `docker/volumes/ssrf_proxy/squid.conf`, you can find the config file of the proxy, for example, you want to allow `192.168.101.0/24` to be accessed by the proxy, but you have a IP `192.168.101.19` which contains sensitive data, you don't want the users of your locally deployed dify to access this IP, but you want other IPs to access it, you can add the following rules to `squid.conf`:
#### How does the sandbox service ensure security?
```
acl restricted_ip dst 192.168.101.19
acl localnet src 192.168.101.0/24
As for the security of the sandbox service, we disabled all `file system`, `network`, `IPC`, `PID`, `user`, `mount`, `UTS`, and system access capabilities of all processes in the sandbox to ensure that malicious code is not executed. At the same time, we also isolate the files and network in the container to ensure that even if the code is executed, it cannot harm the system.
http_access deny restricted_ip
http_access allow localnet
http_access deny all
```
It's a simple example of course, you can customize the rules according to your needs. for more information about squid, you can refer to the [official documentation](http://www.squid-cache.org/Doc/config/).
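Review bot: In the `squid.conf` example, `acl localnet src 192.168.101.0/24` matches the client's source address, but the paragraph introducing it describes `192.168.101.0/24` as the network that should be reachable through the proxy, which is a destination. As written, `http_access allow localnet` followed by `http_access deny all` admits only clients that sit inside that subnet and lets them reach any destination other than `192.168.101.19`, while services with addresses outside it are denied everything. If the intent is what the text states, a `dst` ACL for the subnet would match it (for example `acl allowed_net dst 192.168.101.0/24`, where `allowed_net` is a hypothetical name), keeping `http_access deny restricted_ip` first. The preceding paragraph also says the proxy does not intercept local requests by default; it is worth stating plainly that internal addresses stay reachable through the proxy until rules like these are added.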

@ -183,14 +183,26 @@ VECTOR_STORE: weaviate
flask vdb-migrarte # or docker exec -it docker-api-1 flask vdb-migrarte
```
### 18. 为什么Sandbox需要SYS\_ADMIN权限
### 18. 为什么需要SSRF_PROXY
在社区版的`docker-compose.yaml`中你可能注意到了一些服务配置有`SSRF_PROXY`和`HTTP_PROXY`等环境变量,并且他们都指向了一个`ssrf_proxy`容器这是因为为了避免SSRF攻击关于SSRF攻击你可以查看[这篇](https://portswigger.net/web-security/ssrf)文章。
#### 为什么需要 SYS\_ADMIN 权限?
为了避免不必要的风险我们给所有可能造成SSRF攻击的服务都配置了一个代理并强制如Sandbox等服务只能通过代理访问外部网络从而确保你的数据安全和服务安全默认的这个代理不会拦截任何本地的请求但是你可以通过修改`squid`的配置文件来自定义代理的行为。
Sandbox 基于`Seccomp`进行沙箱隔离而Docker也是基于`Seccomp`进行资源隔离并且在Docker中Linux Seccomp BPF是被默认禁用的导致无法在容器中使用`Seccomp`因此需要SYS\_ADMIN权限来启用`Seccomp`。
#### 如何自定义代理的行为?
在`docker/volumes/ssrf_proxy/squid.conf`中,你可以找到`squid`的配置文件你可以在这里自定义代理的行为比如你可以添加一些ACL规则来限制代理的访问或者添加一些`http_access`规则来限制代理的访问,例如,您的本地可以访问`192.168.101.0/24`这个网段,但是其中的`192.168.101.19`这个IP具有敏感数据你不希望使用你本地部署的dify的用户访问到这个IP但是想要其他的IP可以访问你可以在`squid.conf`中添加如下规则:
### 19. 我如何将我自己创建的应用设置为应用模板?
```
acl restricted_ip dst 192.168.101.19
acl localnet src 192.168.101.0/24
http_access deny restricted_ip
http_access allow localnet
http_access deny all
```
当然,这只是一个简单的例子,你可以根据你的需求来自定义代理的行为,如果您的业务更加复杂,比如说需要给代理配置上游代理,或者需要配置缓存等,你可以查看[squid的配置文档](http://www.squid-cache.org/Doc/config/)来了解更多。
### 19. 如何将自己创建的应用设置为模板?
目前还不支持将你自己创建的应用设置为模板。现有的模板是由Dify官方为云版本用户参考提供的。如果你正在使用云版本你可以将应用添加到你的工作空间或者在修改后定制它们以创建你自己的应用。如果你正在使用社区版本并且需要为你的团队创建更多的应用模板你可以咨询我们的商务团队以获得付费技术支持[business@dify.ai](mailto:business@dify.ai)
### 20.502 Bad Gateway
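Review bot: The opening paragraph under `### 18. 为什么需要SSRF_PROXY` names both `SSRF_PROXY` and `HTTP_PROXY` and says they point at an `ssrf_proxy` container, but the English FAQ entry in this commit names only `SSRF_PROXY`; align the two so readers of either language know which variables route traffic through the proxy. The `squid.conf` block here also uses `acl localnet src 192.168.101.0/24` for a subnet the text describes as something to be accessed. `src` matches the client address, so a `dst` ACL is what the description calls for.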
@ -207,7 +219,3 @@ docker ps -q | xargs -n 1 docker inspect --format '{{ .Name }}: {{range .Network
记住后面的IP地址。然后打开你存放dify源代码的地方打开`dify/docker/nginx/conf.d`,将`http://api:5001`替换为`http://172.19.0.7:5001`,将`http://web:3000`替换为`http://172.19.0.5:3000`随后重启Nginx容器或者重载配置。
这些IP地址是***示例性*** 的你必须执行命令获取你自己的IP地址不要直接填入。
你可能在重新启动相关容器时需要再次根据IP进行配置。
#### 安全性问题
至于安全性问题我们禁用了Sandbox中所有进程的文件、网络、IPC、PID、用户、mount、UTS、系统访问等能力以确保恶意代码不会被执行同时我们还额外隔离了容器中的文件和网络以确保在即使代码被执行也无法对系统造成危害。
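Review bot: The `#### 安全性问题` section at the end of this hunk (the list of capabilities disabled for sandbox processes, plus the extra file and network isolation) is deleted, going by the `-207,7 +219,3` counts, and nothing visible in this file's other hunks replaces it. If the sandbox still runs with those restrictions, keep the paragraph or move it under its own FAQ entry. If it no longer does, say so in the commit message, since `feat: ssrf` gives no reason for dropping it.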