dify中智能体中调用外部接口报错403 frobidden问题

正在输入中…………

已于 2025-06-12 11:30:07 修改

阅读量561

点赞数 3

CC 4.0 BY-SA版权

分类专栏： AI 文章标签： dify 403 dify接口报错

于 2025-06-12 11:27:33 首次发布

本文链接：https://blog.csdn.net/qq_23435961/article/details/148606390

AI 专栏收录该内容

10 篇文章

订阅专栏

dify中智能体中调用外部接口报错问题

无法正常响应使用 443 以外端口的 HTTPS 请求和80 端口以外的HTTP请求，报错403 Forbidden

如下图：在这里插入图片描述

需要修改配置文件dify/docker/ssrf_proxy/squid.conf.template，并重启服务，我使用docker compose启的

$cat dify/docker/ssrf_proxy/squid.conf.template
acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8		# RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10		# RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 	# RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12		# RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16		# RFC 1918 local private network (LAN)
acl localnet src fc00::/7       	# RFC 4193 local private network range
acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443

acl SSL_ports port 1025-65535   # Enable the configuration to resolve this issue: https://github.com/langgenius/dify/issues/12792
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
acl allowed_domains dstdomain .marketplace.dify.ai
http_access allow allowed_domains
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
include /etc/squid/conf.d/*.conf
http_access deny all

################################## Proxy Server ################################
http_port ${HTTP_PORT}
coredump_dir ${COREDUMP_DIR}
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern .		0	20%	4320


# cache_dir ufs /var/spool/squid 100 16 256
# upstream proxy, set to your own upstream proxy IP to avoid SSRF attacks
# cache_peer 172.1.1.1 parent 3128 0 no-query no-digest no-netdb-exchange default

################################## Reverse Proxy To Sandbox ################################
http_port ${REVERSE_PROXY_PORT} accel vhost
cache_peer ${SANDBOX_HOST} parent ${SANDBOX_PORT} 0 no-query originserver
acl src_all src all
http_access allow src_all

# Unless the option's size is increased, an error will occur when uploading more than two files.
client_request_buffer_max_size 100 MB

root@dify:/data/dify/docker 
$docker compose restart
[+] Restarting 10/10
 ✔ Container docker-plugin_daemon-1  Started  10.5s 
 ✔ Container docker-nginx-1          Started  10.6s 
 ✔ Container docker-web-1            Started  10.4s 
 ✔ Container docker-api-1            Started  1.7s 
 ✔ Container docker-ssrf_proxy-1     Started  10.4s 
 ✔ Container docker-redis-1          Started  0.5s 
 ✔ Container docker-worker-1         Started  1.5s 
 ✔ Container docker-sandbox-1        Started  0.3s 
 ✔ Container docker-weaviate-1       Started  0.4s 
 ✔ Container docker-db-1             Started  0.4s 
root@dify:/data/dify/docker
$