From 064a65698cf4e20d1130d59e3371eeb3a6139eb1 Mon Sep 17 00:00:00 2001
From: Georges-Antoine Assi <contact@me.gantoine.com>
Date: Wed, 3 Jun 2026 16:21:27 -0400
Subject: [PATCH] add non-global IPs as forbidden

---
 backend/utils/ssrf.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/utils/ssrf.py b/backend/utils/ssrf.py
index 118f0afa7..f9e819d2b 100644
--- a/backend/utils/ssrf.py
+++ b/backend/utils/ssrf.py
@@ -54,6 +54,7 @@ def is_forbidden_ip(ip: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
         or ip.is_reserved
         or ip.is_multicast
         or ip.is_unspecified
+        or not ip.is_global
     )