fix: allow Docker networking hostnames in SSRF check for local Ollama

The SSRF protection was blocking endpoint tests for Ollama because
host.docker.internal and ollama-host resolve to private IPs.

These Docker networking hostnames are now allowlisted:
- host.docker.internal (Docker's standard for reaching host)
- ollama-host (custom alias defined in docker-compose)
- gateway.docker.internal (Docker gateway)

This enables Community Edition users to test local Ollama endpoints
while maintaining SSRF protection against other private IP access.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
HackWeasel
2025-12-15 16:12:28 -05:00
parent 1dbc93f53b
commit 676d48ea1f


@@ -30,15 +30,31 @@ def is_private_ip(url: str) -> bool:
SSRF Protection: Prevents requests to private networks (RFC1918), SSRF Protection: Prevents requests to private networks (RFC1918),
localhost, loopback, and other reserved IP ranges. localhost, loopback, and other reserved IP ranges.
Also resolves hostnames to check if they point to private IPs. Also resolves hostnames to check if they point to private IPs.
Exception: Docker networking hostnames (host.docker.internal, ollama-host)
are allowed for Community Edition local deployments where services
need to reach the host machine from within containers.
""" """
import socket import socket
# Docker networking hostnames allowed for local model access (Ollama, vLLM, etc.)
# These only work inside Docker containers and are explicitly configured in docker-compose
DOCKER_ALLOWED_HOSTS = {
'host.docker.internal', # Docker's standard for reaching host (macOS/Windows/Linux)
'ollama-host', # Custom alias for Ollama defined in docker-compose
'gateway.docker.internal', # Docker gateway (sometimes used)
}
try: try:
parsed = urlparse(url) parsed = urlparse(url)
hostname = parsed.hostname hostname = parsed.hostname
if not hostname: if not hostname:
return True return True
# Allow Docker networking hostnames for local model access
if hostname.lower() in DOCKER_ALLOWED_HOSTS:
return False
# Check for localhost variants # Check for localhost variants
if hostname in ('localhost', '127.0.0.1', '::1', '0.0.0.0', '0', 'localhost.localdomain'): if hostname in ('localhost', '127.0.0.1', '::1', '0.0.0.0', '0', 'localhost.localdomain'):
return True return True
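Review bot: the allowlist check at `if hostname.lower() in DOCKER_ALLOWED_HOSTS: return False` is unconditional and short-circuits every later check, so in any deployment, not only the Community Edition Docker setup the commit describes, a URL such as `http://host.docker.internal:<port>/...` is accepted for whatever port it names; since `host.docker.internal` is by design the host machine, this re-opens the host's loopback-bound services that the function exists to protect. The comment "These only work inside Docker containers" is not enforced by the code, and outside a container the name is just another hostname that DNS or `/etc/hosts` can map anywhere. Consider gating the exception behind an explicit local-deployment setting, and matching the configured Ollama endpoint (host and port) rather than any URL whose hostname is in the set; the docstring's "Exception: Docker networking hostnames (host.docker.internal, ollama-host)" also lists two names while the set contains three, so it should mention `gateway.docker.internal` as well.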