Security
SSRF protection
private IP range validation on provider URLs
what it prevents
server-side request forgery (SSRF), where a malicious provider URL points at internal services. for example, custom:http://169.254.169.254 would reach the cloud metadata endpoint and could leak instance credentials.
blocked ranges
provider URLs are validated before any request goes out:
| range | description |
|---|---|
| 127.0.0.0/8 | loopback |
| 10.0.0.0/8 | private class A |
| 172.16.0.0/12 | private class B |
| 192.168.0.0/16 | private class C |
| 169.254.0.0/16 | link-local / cloud metadata |
| 100.64.0.0/10 | CGNAT |
| ::1 | IPv6 loopback |
| fe80::/10 | IPv6 link-local |
exceptions
ollama is intentionally exempt from this check because it is designed to run on localhost.
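an added example (not the project's own code) of a validator that applies the table above plus the ollama exemption. it goes slightly beyond the table: IPv4-mapped IPv6 literals are unwrapped, and a hostname is rejected if any address it resolves to is blocked, so a provider URL cannot sidestep the list by naming an internal host. the `provider:url` spec format, the `ollama` provider name and the injectable `resolve` hook are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# blocked ranges, copied from the table above
BLOCKED_RANGES = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fe80::/10",
)]
EXEMPT_PROVIDERS = {"ollama"}  # per the exceptions section; provider name assumed


def is_blocked_ip(ip_text: str) -> bool:
    """True if the address lies in a blocked range (IPv4-mapped IPv6 is unwrapped)."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 must count as 169.254.169.254
    return any(ip in net for net in BLOCKED_RANGES)


def default_resolve(host: str) -> list[str]:
    """Resolve a hostname to every address it has (IPv4 and IPv6)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def validate_provider_url(provider: str, url: str, resolve=default_resolve) -> bool:
    """Return True only if every address the URL's host maps to is outside the blocked ranges."""
    if provider in EXEMPT_PROVIDERS:
        return True
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]  # literal IP
    except ValueError:
        try:
            addrs = resolve(parts.hostname)  # hostname: check every resolved address
        except OSError:
            return False
    # all-or-nothing: a single blocked A/AAAA record rejects the URL
    return bool(addrs) and not any(is_blocked_ip(a) for a in addrs)


def validate_spec(spec: str, resolve=default_resolve) -> bool:
    """Validate a 'provider:url' spec such as custom:http://169.254.169.254 (format assumed)."""
    provider, sep, url = spec.partition(":")
    return bool(sep) and validate_provider_url(provider, url, resolve)
```

the resolved addresses should also be the ones the outgoing connection actually uses; validating on one lookup and connecting with another leaves a rebinding window.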
configuration
SSRF protection is always on. there is no config flag to disable it.