Commit graph

1 commit

Author SHA1 Message Date
Danny Avila
630cb59e3b 🛡️ fix: Optionally Block Private IPs On User-Provided baseURL
When an admin configures a custom endpoint with `baseURL: 'user_provided'`,
each end user supplies their own base URL via the UI. Without
validation, a user can point that URL at internal services (cloud
metadata endpoints, intranet APIs, etc.), causing the backend to issue
requests to those addresses on every model-listing fetch.

Add `interface.blockPrivateUserBaseURL` (default `false` to preserve
current behavior). When enabled, the `/api/keys` PUT handler parses
the encrypted user-key payload and rejects values whose `baseURL`
fails an http(s) protocol check or resolves to a private, loopback,
or link-local IP. Operators running self-hosted LLMs on private IPs
can leave the flag off; multi-tenant deployments should turn it on.

This is save-time validation; runtime fetch sites should additionally
adopt SSRF-safe agents (defense in depth).
2026-05-03 13:51:13 -04:00