Skip to content

Add host allowlisting and IP blocking to Fetch server#2568

Open
olaservo wants to merge 2 commits intomainfrom
claude/issue-2317-20250817-1707
Open

Add host allowlisting and IP blocking to Fetch server#2568
olaservo wants to merge 2 commits intomainfrom
claude/issue-2317-20250817-1707

Conversation

@olaservo
Copy link
Member

@olaservo olaservo commented Aug 17, 2025

Implements security feature to prevent access to local/internal IP addresses by default. Addresses issue #2317.

Changes

  • Block access to private IP ranges by default
  • Add host allowlisting with wildcard support
  • Add configuration options for security customization
  • Implement socket-level validation to prevent TOCTOU attacks
  • Update documentation with security examples

Generated with Claude Code

@claude @olaservo
Add host allowlisting and IP blocking to Fetch server
a1226d4 
Implements security feature to prevent access to local/internal IP
addresses by default. Addresses the security risk mentioned in issue #2317.

Key changes:
- Block access to private IP ranges (127.0.0.0/8, 10.0.0.0/8, etc.) by default
- Add --allowed-hosts argument for domain allowlisting with wildcard support
- Add --allow-private-ips flag for development environments
- Add --blocked-ip-ranges for custom IP restrictions
- Implement socket-level hostname resolution to prevent TOCTOU attacks
- Update README with security documentation and configuration examples

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Ola Hungerford <olaservo@users.noreply.github.com>
@olaservo olaservo requested review from dend and jenn-newton August 17, 2025 17:13
@olaservo olaservo added server-filesystem Reference implementation for the Filesystem MCP server - src/filesystem server-fetch Reference implementation for the Fetch MCP server - src/fetch enhancement New feature or request and removed server-filesystem Reference implementation for the Filesystem MCP server - src/filesystem labels Aug 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jenn-newton jenn-newton Awaiting requested review from jenn-newton

@dend dend Awaiting requested review from dend

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

enhancement New feature or request server-fetch Reference implementation for the Fetch MCP server - src/fetch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@olaservo