langgenius / dify

Dify is an open-source LLM app development platform. Dify's intuitive interface combines AI workflow, RAG pipeline, agent capabilities, model management, observability features and more, letting you quickly go from prototype to production.
https://dify.ai

The docs link about 'why-is-ssrf_proxy-needed' is outdated #8515

Closed saifeiLee closed 1 month ago

saifeiLee commented 1 month ago

Self Checks

Provide a description of requested docs changes

The link about 'why-is-ssrf_proxy-needed' is outdated. We should update it.

dosubot[bot] commented 1 month ago

Hello @saifeiLee! I'm here to help you with any bugs, questions, or contributions while you wait for a human maintainer. Let me know how I can assist you!

You can update the outdated link about 'why-is-ssrf_proxy-needed' in the documentation. The current link is:

For more information on SSRF attacks, you can read [this article](https://portswigger.net/web-security/ssrf).

You can replace it with the updated link as needed. Here is the updated content:

You may have noticed the `SSRF_PROXY` environment variable in the `docker-compose.yaml` file. This is crucial because the local deployment of Dify uses `SSRF_PROXY` to prevent Server-Side Request Forgery (SSRF) attacks. For more details on SSRF attacks, refer to [this resource](https://portswigger.net/web-security/ssrf).

To reduce potential risks, we have set up a proxy for all services that could be vulnerable to SSRF attacks. This proxy ensures that services like Sandbox can only access external networks through it, thereby protecting your data and services. By default, this proxy does not intercept any local requests. However, you can customize the proxy's behavior by modifying the `squid` configuration file.

#### How to Customize Proxy Behavior?

In the `docker/volumes/ssrf_proxy/squid.conf` file, you can find the `squid` configuration file where you can customize the proxy's behavior. For example, you can add ACL rules to restrict access or `http_access` rules to control access. Here is a simple example:

```
acl restricted_ip dst 192.168.101.19
acl localnet src 192.168.101.0/24

http_access deny restricted_ip
http_access allow localnet
http_access deny all
```


This is just a basic example. You can customize the proxy's behavior according to your needs. For more complex configurations, such as setting up an upstream proxy or configuring caching, refer to the [Squid configuration documentation](http://www.squid-cache.org/Doc/config/).

Additionally, the FAQ section in the documentation also mentions the importance of SSRF_PROXY:

### 18. Why is SSRF_PROXY needed?

In the Community Edition `docker-compose.yaml`, some services have the `SSRF_PROXY` and `HTTP_PROXY` environment variables set. All of them point to the `ssrf_proxy` container and are used to prevent SSRF attacks. If you want to learn more about SSRF attacks, see [this article](https://portswigger.net/web-security/ssrf).

To avoid unnecessary risk, we configure a proxy for every service that could be subject to SSRF attacks, so that services such as Sandbox can reach external networks only through the proxy. This strengthens the security of your data and services. By default, this proxy does not intercept local requests, but you can customize the proxy's behavior by modifying the `squid` configuration file.

For more details, you can refer to the relevant sections in the documentation [1][2][3][4].

To continue talking to Dosu, mention @dosu.
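The single-IP rule in the comment above generalizes to the policy an SSRF egress proxy is usually there to enforce: deny the sandbox any route to loopback, link-local and private address ranges and limit which ports it may reach. The following is an added example for `docker/volumes/ssrf_proxy/squid.conf`, not the configuration shipped by the Dify project; the listen port `3128` and the `sandbox_net` source range are assumptions.

```squid
# Added example, not the project's own squid.conf. The listen port and the
# source network are assumptions; adjust them to your deployment.
http_port 3128

# Callers allowed to use the proxy (assumed Docker network of the Sandbox).
acl sandbox_net src 172.18.0.0/16

# Destinations a sandboxed service must never reach through the proxy:
# loopback, link-local (where cloud instance metadata endpoints live),
# the RFC 1918 ranges and their IPv6 equivalents. Repeating an acl name
# appends to it. Squid resolves hostnames before matching a 'dst' ACL,
# so a request for an internal hostname is matched on the resolved address.
acl internal_dst dst 127.0.0.0/8
acl internal_dst dst 169.254.0.0/16
acl internal_dst dst 10.0.0.0/8
acl internal_dst dst 172.16.0.0/12
acl internal_dst dst 192.168.0.0/16
acl internal_dst dst ::1/128
acl internal_dst dst fe80::/10
acl internal_dst dst fc00::/7

# Only ordinary web ports, and CONNECT (tunnelling) only towards TLS ports.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Rules are evaluated top to bottom; the first match decides, so the
# deny rules come before the allow and everything else is denied.
http_access deny internal_dst
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow sandbox_net
http_access deny all

# Forward proxy only: do not keep an on-disk copy of fetched content.
cache deny all
```

After editing, `squid -k parse -f docker/volumes/ssrf_proxy/squid.conf` validates the syntax before the container is restarted.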

crazywoola commented 1 month ago

Close #8516