- Webhooks - event delivery endpoints
- SSO - OIDC provider discovery
- AI - the AI provider base URL and custom AI tool calls
Disabled by default
The guard is off by default. In a self-hosted, single-tenant deployment the admin already controls the infrastructure and sets these URLs, so reaching internal hosts is not a privilege boundary - it is expected. Common setups depend on it:- An internal webhook receiver
- An OIDC provider on a private network
- A local model endpoint, such as Ollama on
localhostor a LAN address
Opting in
Turn it on when the outbound URLs come from parties you do not fully trust, such as a multi-tenant or hosted deployment. Configure it inconfig.toml:
allowed_cidrs to carve out known internal hosts you still need to reach while the guard is on.
