SSRF Guardrails: Preventing Internal Proxying

Security · updated Mon Feb 23

Stopping agents from accessing internal cloud metadata or local IP ranges.

Steps

  1. Block agent tool access to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
  2. Disable access to Cloud Metadata endpoints (e.g., 169.254.169.254).
  3. Enforce a 'Non-Recursive' redirect policy for all agent-initiated HTTP calls.
  4. Use a dedicated Egress Proxy to filter all outgoing tool traffic.
  5. Validate and sanitize URLs before passing them to any 'Read' or 'Fetch' tool.

view raw JSON →