GTEdgeAI/gt-ai-os-community
3
0
Fork 0
Code Issues Packages Releases Wiki Activity

fix: allow Docker networking hostnames in SSRF check for local Ollama

Browse Source 
The SSRF protection was blocking endpoint tests for Ollama because
host.docker.internal and ollama-host resolve to private IPs.

These Docker networking hostnames are now allowlisted:
- host.docker.internal (Docker's standard for reaching host)
- ollama-host (custom alias defined in docker-compose)
- gateway.docker.internal (Docker gateway)

This enables Community Edition users to test local Ollama endpoints
while maintaining SSRF protection against other private IP access.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
HackWeasel
2025-12-15 16:12:28 -05:00
parent 1dbc93f53b
commit 676d48ea1f
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
apps/control-panel-backend/app/api/v1/models.py
View File

@@ -30,15 +30,31 @@ def is_private_ip(url: str) -> bool:
SSRF Protection: Prevents requests to private networks (RFC1918),
localhost, loopback, and other reserved IP ranges.
Also resolves hostnames to check if they point to private IPs.
Exception: Docker networking hostnames (host.docker.internal, ollama-host)
are allowed for Community Edition local deployments where services
need to reach the host machine from within containers.
"""
import socket
# Docker networking hostnames allowed for local model access (Ollama, vLLM, etc.)
# These only work inside Docker containers and are explicitly configured in docker-compose
DOCKER_ALLOWED_HOSTS = {
'host.docker.internal', # Docker's standard for reaching host (macOS/Windows/Linux)
'ollama-host', # Custom alias for Ollama defined in docker-compose
'gateway.docker.internal', # Docker gateway (sometimes used)
}
try:
parsed = urlparse(url)
hostname = parsed.hostname
if not hostname:
return True
# Allow Docker networking hostnames for local model access
if hostname.lower() in DOCKER_ALLOWED_HOSTS:
return False
# Check for localhost variants
if hostname in ('localhost', '127.0.0.1', '::1', '0.0.0.0', '0', 'localhost.localdomain'):
return True