feat(web_fetch): add allowed_private_hosts config for SSRF bypass#4590

Merged
theonlyhennygod merged 1 commit into master from feat/4549-allowed-private-hosts on Mar 24, 2026

Conversation

@theonlyhennygod
Collaborator

Summary

  • Add allowed_private_hosts field to WebFetchConfig for explicit opt-in access to private/internal hosts
  • Defaults to empty list (secure by default, no behavior change for existing users)
  • blocked_domains takes precedence over allowed_private_hosts
  • Logs warning when private hosts are accessed for auditability
  • Enables use cases like local SearxNG, internal docs servers, dev APIs

Test plan

  • All 54 web_fetch tests pass (including 4 new tests)
  • allowed_private_host_bypasses_ssrf_block - allowed private IP works
  • unallowed_private_host_still_blocked - non-listed private IP blocked
  • blocklist_overrides_allowed_private_host - blocked_domains wins
  • allowed_private_host_with_port - host:port matching works
  • Existing configs work without modification (backward compatible)

Closes #4549
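To make the precedence rules in the summary concrete, here is a small Rust model of the check (an added example, not zeroclaw's web_fetch code). It keeps the two field names from the PR, `blocked_domains` and `allowed_private_hosts`; everything else (`Verdict`, `check_fetch`, `is_private_ip`, the sample hosts and addresses) is assumed for illustration. The caller is expected to pass the URL host, the port, and the address it actually connects to, so the private-range test runs on the resolved IP rather than on the hostname alone.

```rust
// Added illustration of the allowlist/blocklist precedence described in the
// PR summary. Not zeroclaw's implementation; names other than the two config
// fields are assumptions.
use std::net::IpAddr;

#[derive(Debug, Default)]
pub struct WebFetchConfig {
    /// Domains that must never be fetched; wins over allowed_private_hosts.
    pub blocked_domains: Vec<String>,
    /// Explicit opt-in entries, "host" or "host:port". Empty by default,
    /// so existing configs keep the plain SSRF block.
    pub allowed_private_hosts: Vec<String>,
}

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Allow,
    /// Private target explicitly allowed; a warning is emitted for audit.
    AllowPrivateWithWarning,
    BlockedDomain,
    PrivateAddress,
}

/// Addresses web_fetch refuses unless opted in: loopback, RFC 1918,
/// link-local and unspecified (a constructed list for this example; the real
/// classifier may differ).
pub fn is_private_ip(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => {
            v4.is_private() || v4.is_loopback() || v4.is_link_local() || v4.is_unspecified()
        }
        IpAddr::V6(v6) => v6.is_loopback() || v6.is_unspecified(),
    }
}

/// Match one allowlist entry. "host" matches any port; "host:port" must match
/// both. Entries are hostnames or IPv4 literals; bare IPv6 literals are out of
/// scope for this model because of the colon split.
fn entry_matches(entry: &str, host: &str, port: u16) -> bool {
    match entry.rsplit_once(':') {
        Some((h, p)) if p.parse::<u16>().is_ok() => {
            h.eq_ignore_ascii_case(host) && p == port.to_string()
        }
        _ => entry.eq_ignore_ascii_case(host),
    }
}

/// Decide whether a fetch to `host:port`, resolving to `resolved`, may proceed.
pub fn check_fetch(cfg: &WebFetchConfig, host: &str, port: u16, resolved: IpAddr) -> Verdict {
    // 1. blocked_domains takes precedence over everything, including opt-ins.
    if cfg.blocked_domains.iter().any(|d| d.eq_ignore_ascii_case(host)) {
        return Verdict::BlockedDomain;
    }
    // 2. Public addresses behave exactly as before the change.
    if !is_private_ip(resolved) {
        return Verdict::Allow;
    }
    // 3. Private address: only a listed host (optionally pinned to a port)
    //    passes, and the access is logged for auditability.
    if cfg.allowed_private_hosts.iter().any(|e| entry_matches(e, host, port)) {
        eprintln!(
            "warning: web_fetch reaching private host {host}:{port} ({resolved}) via allowed_private_hosts"
        );
        return Verdict::AllowPrivateWithWarning;
    }
    Verdict::PrivateAddress
}

fn main() {
    // Constructed config and requests for demonstration.
    let cfg = WebFetchConfig {
        blocked_domains: vec!["internal.example".into()],
        allowed_private_hosts: vec![
            "10.0.0.5".into(),
            "searx.lan:8080".into(),
            "internal.example".into(), // listed, but the blocklist still wins
        ],
    };
    let requests = [
        ("10.0.0.5", 80, "10.0.0.5"),
        ("10.0.0.6", 80, "10.0.0.6"),
        ("searx.lan", 8080, "192.168.1.10"),
        ("searx.lan", 8081, "192.168.1.10"),
        ("internal.example", 443, "10.1.1.1"),
        ("example.com", 443, "93.184.216.34"),
    ];
    for (host, port, ip) in requests {
        let verdict = check_fetch(&cfg, host, port, ip.parse().unwrap());
        println!("{host}:{port} -> {verdict:?}");
    }
}
```

The order of the three steps is the whole point: the blocklist check runs before the allowlist is consulted, so an operator can never accidentally re-open a domain they have explicitly blocked, and an entry with a port only re-opens that one service rather than every port on the host.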

@github-actions github-actions Bot added config Auto scope: src/config/** changed. tool Auto scope: src/tools/** changed. tool:web labels Mar 24, 2026
@theonlyhennygod theonlyhennygod merged commit 71d3730 into master Mar 24, 2026
19 checks passed
@theonlyhennygod theonlyhennygod deleted the feat/4549-allowed-private-hosts branch March 24, 2026 19:07
@ArchBirdie

I'm guessing this didn't make it into the v0.6.2 release?
I don't seem to be able to use it on my updated deb 6.2 image.

rareba added a commit to rareba/zeroclaw that referenced this pull request Mar 29, 2026
…F bypass

Add `allowed_private_hosts` field to `HttpRequestConfig` enabling explicit
opt-in access to specific private/internal hosts, mirroring the web_fetch
implementation from PR zeroclaw-labs#4590. This provides a more granular alternative to
the existing blanket `allow_private_hosts` boolean.

Closes zeroclaw-labs#4868

Development

Successfully merging this pull request may close these issues.

[Feature]: Allowlist for web fetch to ip and port or cidr and port

2 participants