feat: add experimental IP filtering for domains and update related settings

setting/system_setting/fetch_setting.go

@@ -16,8 +16,8 @@ type FetchSetting struct {
 var defaultFetchSetting = FetchSetting{
 	EnableSSRFProtection:   true, // 默认开启SSRF防护
 	AllowPrivateIp:         false,
-	DomainFilterMode:       true,
-	IpFilterMode:           true,
+	DomainFilterMode:       false,
+	IpFilterMode:           false,
 	DomainList:             []string{},
 	IpList:                 []string{},
 	AllowedPorts:           []string{"80", "443", "8080", "8443"},

web/src/components/settings/SystemSetting.jsx

@@ -92,8 +92,8 @@ const SystemSetting = () => {
     // SSRF防护配置
     'fetch_setting.enable_ssrf_protection': true,
     'fetch_setting.allow_private_ip': '',
-    'fetch_setting.domain_filter_mode': true, // true 白名单，false 黑名单
-    'fetch_setting.ip_filter_mode': true, // true 白名单，false 黑名单
+    'fetch_setting.domain_filter_mode': false, // true 白名单，false 黑名单
+    'fetch_setting.ip_filter_mode': false, // true 白名单，false 黑名单
     'fetch_setting.domain_list': [],
     'fetch_setting.ip_list': [],
     'fetch_setting.allowed_ports': [],
@@ -726,10 +726,10 @@ const SystemSetting = () => {
                     style={{ marginTop: 16 }}
                   >
                     <Col xs={24} sm={24} md={24} lg={24} xl={24}>
-                      <Banner type='warning' description={t('此功能为实验性选项，域名可能解析到多个 IPv4/IPv6 地址，若开启，请确保 IP 过滤列表覆盖这些地址，否则可能导致访问失败。')} style={{ marginBottom: 8 }} />
                       <Form.Checkbox
                         field='fetch_setting.apply_ip_filter_for_domain'
                         noLabel
+                        extraText={t('域名IP过滤详细说明')}
                         onChange={(e) =>
                           handleCheckboxChange('fetch_setting.apply_ip_filter_for_domain', e)
                         }

web/src/i18n/locales/en.json

@@ -2098,7 +2098,6 @@
   "支持通配符格式，如：example.com, *.api.example.com": "Supports wildcard format, e.g.: example.com, *.api.example.com",
   "域名白名单详细说明": "Whitelisted domains bypass all SSRF checks and are allowed direct access. Supports exact domains (example.com) or wildcards (*.api.example.com) for subdomains. When whitelist is empty, all domains go through SSRF validation.",
   "输入域名后回车，如：example.com": "Enter domain and press Enter, e.g.: example.com",
-  "IP白名单": "IP Whitelist",
   "支持CIDR格式，如：8.8.8.8, 192.168.1.0/24": "Supports CIDR format, e.g.: 8.8.8.8, 192.168.1.0/24",
   "IP白名单详细说明": "Controls which IP addresses are allowed access. Use single IPs (8.8.8.8) or CIDR notation (192.168.1.0/24). Empty whitelist allows all IPs (subject to private IP settings), non-empty whitelist only allows listed IPs.",
   "输入IP地址后回车，如：8.8.8.8": "Enter IP address and press Enter, e.g.: 8.8.8.8",
@@ -2106,5 +2105,10 @@
   "支持单个端口和端口范围，如：80, 443, 8000-8999": "Supports single ports and port ranges, e.g.: 80, 443, 8000-8999",
   "端口配置详细说明": "Restrict external requests to specific ports. Use single ports (80, 443) or ranges (8000-8999). Empty list allows all ports. Default includes common web ports.",
   "输入端口后回车，如：80 或 8000-8999": "Enter port and press Enter, e.g.: 80 or 8000-8999",
-  "更新SSRF防护设置": "Update SSRF Protection Settings"
+  "更新SSRF防护设置": "Update SSRF Protection Settings",
+  "对域名启用 IP 过滤（实验性）": "Enable IP filtering for domains (experimental)",
+  "域名IP过滤详细说明": "⚠️ This is an experimental option. A domain may resolve to multiple IPv4/IPv6 addresses. If enabled, ensure the IP filter list covers these addresses, otherwise access may fail.",
+  "域名黑名单": "Domain Blacklist",
+  "白名单": "Whitelist",
+  "黑名单": "Blacklist"
 }

web/src/i18n/locales/zh.json

@@ -31,5 +31,6 @@
   "支持单个端口和端口范围，如：80, 443, 8000-8999": "支持单个端口和端口范围，如：80, 443, 8000-8999",
   "端口配置详细说明": "限制外部请求只能访问指定端口。支持单个端口（80, 443）或端口范围（8000-8999）。空列表允许所有端口。默认包含常用Web端口。",
   "输入端口后回车，如：80 或 8000-8999": "输入端口后回车，如：80 或 8000-8999",
-  "更新SSRF防护设置": "更新SSRF防护设置"
+  "更新SSRF防护设置": "更新SSRF防护设置",
+  "域名IP过滤详细说明": "⚠️此功能为实验性选项，域名可能解析到多个 IPv4/IPv6 地址，若开启，请确保 IP 过滤列表覆盖这些地址，否则可能导致访问失败。"
 }