dify/api/core/helper/ssrf_proxy.py

"""
Proxy requests to avoid SSRF
"""

import logging
import time

import httpx

from configs import dify_config
from core.helper.http_client_pooling import get_pooled_http_client

logger = logging.getLogger(__name__)

SSRF_DEFAULT_MAX_RETRIES = dify_config.SSRF_DEFAULT_MAX_RETRIES

BACKOFF_FACTOR = 0.5
STATUS_FORCELIST = [429, 500, 502, 503, 504]

_SSL_VERIFIED_POOL_KEY = "ssrf:verified"
_SSL_UNVERIFIED_POOL_KEY = "ssrf:unverified"
_SSRF_CLIENT_LIMITS = httpx.Limits(
    max_connections=dify_config.SSRF_POOL_MAX_CONNECTIONS,
    max_keepalive_connections=dify_config.SSRF_POOL_MAX_KEEPALIVE_CONNECTIONS,
    keepalive_expiry=dify_config.SSRF_POOL_KEEPALIVE_EXPIRY,
)


class MaxRetriesExceededError(ValueError):
    """Raised when the maximum number of retries is exceeded."""

    pass


def _create_proxy_mounts() -> dict[str, httpx.HTTPTransport]:
    return {
        "http://": httpx.HTTPTransport(
            proxy=dify_config.SSRF_PROXY_HTTP_URL,
        ),
        "https://": httpx.HTTPTransport(
            proxy=dify_config.SSRF_PROXY_HTTPS_URL,
        ),
    }


def _build_ssrf_client(verify: bool) -> httpx.Client:
    if dify_config.SSRF_PROXY_ALL_URL:
        return httpx.Client(
            proxy=dify_config.SSRF_PROXY_ALL_URL,
            verify=verify,
            limits=_SSRF_CLIENT_LIMITS,
        )

    if dify_config.SSRF_PROXY_HTTP_URL and dify_config.SSRF_PROXY_HTTPS_URL:
        return httpx.Client(
            mounts=_create_proxy_mounts(),
            verify=verify,
            limits=_SSRF_CLIENT_LIMITS,
        )

    return httpx.Client(verify=verify, limits=_SSRF_CLIENT_LIMITS)


def _get_ssrf_client(ssl_verify_enabled: bool) -> httpx.Client:
    if not isinstance(ssl_verify_enabled, bool):
        raise ValueError("SSRF client verify flag must be a boolean")

    return get_pooled_http_client(
        _SSL_VERIFIED_POOL_KEY if ssl_verify_enabled else _SSL_UNVERIFIED_POOL_KEY,
        lambda: _build_ssrf_client(verify=ssl_verify_enabled),
    )


def make_request(method, url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):
    if "allow_redirects" in kwargs:
        allow_redirects = kwargs.pop("allow_redirects")
        if "follow_redirects" not in kwargs:
            kwargs["follow_redirects"] = allow_redirects

    if "timeout" not in kwargs:
        kwargs["timeout"] = httpx.Timeout(
            timeout=dify_config.SSRF_DEFAULT_TIME_OUT,
            connect=dify_config.SSRF_DEFAULT_CONNECT_TIME_OUT,
            read=dify_config.SSRF_DEFAULT_READ_TIME_OUT,
            write=dify_config.SSRF_DEFAULT_WRITE_TIME_OUT,
        )

    # prioritize per-call option, which can be switched on and off inside the HTTP node on the web UI
    verify_option = kwargs.pop("ssl_verify", dify_config.HTTP_REQUEST_NODE_SSL_VERIFY)
    client = _get_ssrf_client(verify_option)

    retries = 0
    while retries <= max_retries:
        try:
            response = client.request(method=method, url=url, **kwargs)

            if response.status_code not in STATUS_FORCELIST:
                return response
            else:
                logger.warning(
                    "Received status code %s for URL %s which is in the force list",
                    response.status_code,
                    url,
                )

        except httpx.RequestError as e:
            logger.warning("Request to URL %s failed on attempt %s: %s", url, retries + 1, e)
            if max_retries == 0:
                raise

        retries += 1
        if retries <= max_retries:
            time.sleep(BACKOFF_FACTOR * (2 ** (retries - 1)))
    raise MaxRetriesExceededError(f"Reached maximum retries ({max_retries}) for URL {url}")


def get(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):
    return make_request("GET", url, max_retries=max_retries, **kwargs)


def post(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):
    return make_request("POST", url, max_retries=max_retries, **kwargs)


def put(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):
    return make_request("PUT", url, max_retries=max_retries, **kwargs)


def patch(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):
    return make_request("PATCH", url, max_retries=max_retries, **kwargs)


def delete(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):
    return make_request("DELETE", url, max_retries=max_retries, **kwargs)


def head(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):
    return make_request("HEAD", url, max_retries=max_retries, **kwargs)
Feat/show detailed custom api response when testing (#2400) 2024-02-05 18:48:30 +08:00			`"""`
			`Proxy requests to avoid SSRF`
			`"""`
chore(api/core): apply ruff reformatting (#7624) 2024-09-10 17:00:20 +08:00
feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00			`import logging`
			`import time`
Feat/show detailed custom api response when testing (#2400) 2024-02-05 18:48:30 +08:00
chore: refactor the http executor node (#5212) 2024-06-24 16:14:59 +08:00			`import httpx`
enhancement: introduce Ruff for Python linter for reordering and removing unused imports with automated pre-commit and sytle check (#2366) 2024-02-06 13:21:13 +08:00
fix: config violations when running db migtration ci tests (#10428) 2024-11-08 09:33:12 +08:00			`from configs import dify_config`
improve: pooling httpx clients for requests to code sandbox and ssrf (#26052) 2025-09-24 22:14:50 +08:00			`from core.helper.http_client_pooling import get_pooled_http_client`
fix: config violations when running db migtration ci tests (#10428) 2024-11-08 09:33:12 +08:00
Refactor: use logger = logging.getLogger(__name__) in logging (#24515) Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com> 2025-08-26 18:10:31 +08:00			`logger = logging.getLogger(__name__)`

fix: config violations when running db migtration ci tests (#10428) 2024-11-08 09:33:12 +08:00			`SSRF_DEFAULT_MAX_RETRIES = dify_config.SSRF_DEFAULT_MAX_RETRIES`
Feat/show detailed custom api response when testing (#2400) 2024-02-05 18:48:30 +08:00
feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00			`BACKOFF_FACTOR = 0.5`
			`STATUS_FORCELIST = [429, 500, 502, 503, 504]`
chore: refactor the http executor node (#5212) 2024-06-24 16:14:59 +08:00
improve: pooling httpx clients for requests to code sandbox and ssrf (#26052) 2025-09-24 22:14:50 +08:00			`_SSL_VERIFIED_POOL_KEY = "ssrf:verified"`
			`_SSL_UNVERIFIED_POOL_KEY = "ssrf:unverified"`
			`_SSRF_CLIENT_LIMITS = httpx.Limits(`
			`max_connections=dify_config.SSRF_POOL_MAX_CONNECTIONS,`
			`max_keepalive_connections=dify_config.SSRF_POOL_MAX_KEEPALIVE_CONNECTIONS,`
			`keepalive_expiry=dify_config.SSRF_POOL_KEEPALIVE_EXPIRY,`
			`)`

chore(api/core): apply ruff reformatting (#7624) 2024-09-10 17:00:20 +08:00
fix: change MaxRetriesExceededError to inherit from ValueError (#11934) Signed-off-by: -LAN- <laipz8200@outlook.com> 2024-12-21 21:22:47 +08:00			`class MaxRetriesExceededError(ValueError):`
Feat: continue on error (#11458) Co-authored-by: Novice Lee <novicelee@NovicedeMacBook-Pro.local> Co-authored-by: Novice Lee <novicelee@NoviPro.local> 2024-12-11 14:22:42 +08:00			`"""Raised when the maximum number of retries is exceeded."""`

			`pass`


improve: pooling httpx clients for requests to code sandbox and ssrf (#26052) 2025-09-24 22:14:50 +08:00			`def _create_proxy_mounts() -> dict[str, httpx.HTTPTransport]:`
			`return {`
			`"http://": httpx.HTTPTransport(`
			`proxy=dify_config.SSRF_PROXY_HTTP_URL,`
			`),`
			`"https://": httpx.HTTPTransport(`
			`proxy=dify_config.SSRF_PROXY_HTTPS_URL,`
			`),`
			`}`


			`def _build_ssrf_client(verify: bool) -> httpx.Client:`
			`if dify_config.SSRF_PROXY_ALL_URL:`
			`return httpx.Client(`
			`proxy=dify_config.SSRF_PROXY_ALL_URL,`
			`verify=verify,`
			`limits=_SSRF_CLIENT_LIMITS,`
			`)`

			`if dify_config.SSRF_PROXY_HTTP_URL and dify_config.SSRF_PROXY_HTTPS_URL:`
			`return httpx.Client(`
			`mounts=_create_proxy_mounts(),`
			`verify=verify,`
			`limits=_SSRF_CLIENT_LIMITS,`
			`)`

			`return httpx.Client(verify=verify, limits=_SSRF_CLIENT_LIMITS)`


			`def _get_ssrf_client(ssl_verify_enabled: bool) -> httpx.Client:`
			`if not isinstance(ssl_verify_enabled, bool):`
			`raise ValueError("SSRF client verify flag must be a boolean")`

			`return get_pooled_http_client(`
			`_SSL_VERIFIED_POOL_KEY if ssl_verify_enabled else _SSL_UNVERIFIED_POOL_KEY,`
			`lambda: _build_ssrf_client(verify=ssl_verify_enabled),`
			`)`


feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00			`def make_request(method, url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):`
security/SSRF vulns (#6682) 2024-07-25 20:50:26 +08:00			`if "allow_redirects" in kwargs:`
			`allow_redirects = kwargs.pop("allow_redirects")`
			`if "follow_redirects" not in kwargs:`
			`kwargs["follow_redirects"] = allow_redirects`
chore(api/core): apply ruff reformatting (#7624) 2024-09-10 17:00:20 +08:00
feat: The SSRF request timeout configuration item is added (#10292) 2024-11-06 08:50:57 +08:00			`if "timeout" not in kwargs:`
			`kwargs["timeout"] = httpx.Timeout(`
fix: config violations when running db migtration ci tests (#10428) 2024-11-08 09:33:12 +08:00			`timeout=dify_config.SSRF_DEFAULT_TIME_OUT,`
			`connect=dify_config.SSRF_DEFAULT_CONNECT_TIME_OUT,`
			`read=dify_config.SSRF_DEFAULT_READ_TIME_OUT,`
			`write=dify_config.SSRF_DEFAULT_WRITE_TIME_OUT,`
feat: The SSRF request timeout configuration item is added (#10292) 2024-11-06 08:50:57 +08:00			`)`

improve: pooling httpx clients for requests to code sandbox and ssrf (#26052) 2025-09-24 22:14:50 +08:00			`# prioritize per-call option, which can be switched on and off inside the HTTP node on the web UI`
			`verify_option = kwargs.pop("ssl_verify", dify_config.HTTP_REQUEST_NODE_SSL_VERIFY)`
			`client = _get_ssrf_client(verify_option)`
Http requests node add ssl verify (#18125) Co-authored-by: lizb <lizb@sugon.com> 2025-04-16 15:59:34 +08:00
feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00			`retries = 0`
			`while retries <= max_retries:`
			`try:`
improve: pooling httpx clients for requests to code sandbox and ssrf (#26052) 2025-09-24 22:14:50 +08:00			`response = client.request(method=method, url=url, **kwargs)`
chore: refactor the http executor node (#5212) 2024-06-24 16:14:59 +08:00
feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00			`if response.status_code not in STATUS_FORCELIST:`
			`return response`
			`else:`
Refactor: use logger = logging.getLogger(__name__) in logging (#24515) Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com> 2025-08-26 18:10:31 +08:00			`logger.warning(`
improve: pooling httpx clients for requests to code sandbox and ssrf (#26052) 2025-09-24 22:14:50 +08:00			`"Received status code %s for URL %s which is in the force list",`
			`response.status_code,`
			`url,`
make logging not use f-str, change others to f-str (#22882) 2025-07-25 11:32:48 +09:00			`)`
chore: refactor the http executor node (#5212) 2024-06-24 16:14:59 +08:00
feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00			`except httpx.RequestError as e:`
Refactor: use logger = logging.getLogger(__name__) in logging (#24515) Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com> 2025-08-26 18:10:31 +08:00			`logger.warning("Request to URL %s failed on attempt %s: %s", url, retries + 1, e)`
fix: remove the unused retry index field (#11903) Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: Novice Lee <novicelee@NoviPro.local> Co-authored-by: -LAN- <laipz8200@outlook.com> 2024-12-23 14:32:11 +08:00			`if max_retries == 0:`
			`raise`
chore: refactor the http executor node (#5212) 2024-06-24 16:14:59 +08:00
feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00			`retries += 1`
			`if retries <= max_retries:`
			`time.sleep(BACKOFF_FACTOR * (2 ** (retries - 1)))`
Feat: continue on error (#11458) Co-authored-by: Novice Lee <novicelee@NovicedeMacBook-Pro.local> Co-authored-by: Novice Lee <novicelee@NoviPro.local> 2024-12-11 14:22:42 +08:00			`raise MaxRetriesExceededError(f"Reached maximum retries ({max_retries}) for URL {url}")`
chore: refactor the http executor node (#5212) 2024-06-24 16:14:59 +08:00

feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00			`def get(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):`
chore(api/core): apply ruff reformatting (#7624) 2024-09-10 17:00:20 +08:00			`return make_request("GET", url, max_retries=max_retries, **kwargs)`
chore: refactor the http executor node (#5212) 2024-06-24 16:14:59 +08:00

feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00			`def post(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):`
chore(api/core): apply ruff reformatting (#7624) 2024-09-10 17:00:20 +08:00			`return make_request("POST", url, max_retries=max_retries, **kwargs)`
chore: refactor the http executor node (#5212) 2024-06-24 16:14:59 +08:00

feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00			`def put(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):`
chore(api/core): apply ruff reformatting (#7624) 2024-09-10 17:00:20 +08:00			`return make_request("PUT", url, max_retries=max_retries, **kwargs)`
feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00

			`def patch(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):`
chore(api/core): apply ruff reformatting (#7624) 2024-09-10 17:00:20 +08:00			`return make_request("PATCH", url, max_retries=max_retries, **kwargs)`
feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00

			`def delete(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):`
chore(api/core): apply ruff reformatting (#7624) 2024-09-10 17:00:20 +08:00			`return make_request("DELETE", url, max_retries=max_retries, **kwargs)`
feat: support max_retries in jina requests (#6585) 2024-07-25 13:10:39 +08:00

			`def head(url, max_retries=SSRF_DEFAULT_MAX_RETRIES, **kwargs):`
chore(api/core): apply ruff reformatting (#7624) 2024-09-10 17:00:20 +08:00			`return make_request("HEAD", url, max_retries=max_retries, **kwargs)`