openclaw - ✅(Solved) Fix web_fetch tool missing ssrfPolicy config; blocked under TUN mode [2 pull requests, 3 comments, 3 participants]

GitHub: openclaw/openclaw#44527 (fetched 2026-04-08 00:45:44) · Comments: 3 · Participants: 3 · Timeline events: 8 · Reactions: 0

Fix Action

Fixed

PR fix notes

PR #44606: tools: add ssrfPolicy for web_fetch (TUN/proxy fake-IP support)

Description (problem / solution / changelog)

Add ssrfPolicy for web_fetch (TUN/proxy fake-IP support)

Fixes #44527

Problem

web_fetch fails under TUN-mode proxies (e.g. Clash Verge) because:

  • TUN mode hijacks DNS and returns fake-IPs (private ranges like 198.18.x.x, 10.x.x.x)
  • web_fetch SSRF checks block private/internal IPs
  • All requests are rejected with: Blocked: resolves to private/internal/special-use IP address

Solution

Add tools.web.fetch.ssrfPolicy so operators can opt in to allowing private-network resolution when using TUN/proxy setups.

Changes

  • Config schema: Add tools.web.fetch.ssrfPolicy with dangerouslyAllowPrivateNetwork, allowPrivateNetwork (legacy), allowedHostnames, hostnameAllowlist, and allowRfc2544BenchmarkRange
  • web-fetch: Read ssrfPolicy from config and pass it to fetchWithWebToolsNetworkGuard
  • Docs: Update docs/tools/web.md, docs/gateway/configuration-reference.md, and docs/gateway/security/index.md
  • Tests: Add a test for ssrfPolicy.dangerouslyAllowPrivateNetwork: true allowing private IPs

Usage

{
  "tools": {
    "web": {
      "fetch": {
        "ssrfPolicy": {
          "dangerouslyAllowPrivateNetwork": true
        }
      }
    }
  }
}

Design notes

  • Default remains strict (dangerouslyAllowPrivateNetwork: false)
  • Operator opt-in only; matches SECURITY.md break-glass model
  • Mirrors browser.ssrfPolicy for consistency

Changed files

  • docs/gateway/configuration-reference.md (modified, +3/-0)
  • docs/gateway/security/index.md (modified, +1/-0)
  • docs/tools/web.md (modified, +4/-1)
  • src/agents/tools/web-fetch.ssrf.test.ts (modified, +21/-0)
  • src/agents/tools/web-fetch.ts (modified, +31/-1)
  • src/config/schema.help.ts (modified, +10/-0)
  • src/config/schema.labels.ts (modified, +5/-0)
  • src/config/types.tools.ts (modified, +8/-0)
  • src/config/zod-schema.agent-runtime.ts (modified, +12/-0)

PR #44609: tools: add ssrfPolicy for web_fetch (TUN/proxy fake-IP support)

Description, usage, design notes and changed-file list are identical to PR #44606 above.


Problem description

Under a TUN-mode proxy (such as Clash Verge), OpenClaw's web_fetch tool does not work.

TUN mode hijacks DNS resolution and returns fake-ip addresses (private IP addresses), while web_fetch's SSRF security check blocks access to private IP addresses, so every request is blocked.

Error log

[tools] web_fetch failed: Blocked: resolves to private/internal/special-use IP address

Existing solution

The browser tool already supports the ssrfPolicy.dangerouslyAllowPrivateNetwork setting:

{
  browser: {
    ssrfPolicy: {
      dangerouslyAllowPrivateNetwork: true
    }
  }
}

Suggestion

Add a similar ssrfPolicy option to the web_fetch tool:

{
  tools: {
    web: {
      fetch: {
        ssrfPolicy: {
          dangerouslyAllowPrivateNetwork: true  // defaults to false; users can enable it themselves
        }
      }
    }
  }
}

Or provide a global SSRF policy setting that applies to both the web_fetch and browser tools.

Workarounds

Currently users can only:

  1. Exclude the Gateway process from Clash TUN mode
  2. Use the browser tool instead of web_fetch

Environment

  • OpenClaw: v2026.3.11
  • OS: macOS (arm64)
  • Proxy: Clash Verge (TUN mode)


Fix Plan

To fix web_fetch not working in TUN mode, enable the configuration option that allows private-network resolution.

Steps:

  • Add the following configuration to your OpenClaw settings:

{
  tools: {
    web: {
      fetch: {
        ssrfPolicy: {
          dangerouslyAllowPrivateNetwork: true
        }
      }
    }
  }
}

The issue also proposes a global SSRF policy configuration that would apply to both the web_fetch and browser tools. This is a proposal only; the PR changes listed above add just tools.web.fetch.ssrfPolicy, so the following shape is not a setting the PRs introduce:

{
  ssrfPolicy: {
    dangerouslyAllowPrivateNetwork: true
  }
}

Verification

After applying the configuration change, confirm that web_fetch works by checking the logs for the "Blocked: resolves to private/internal/special-use IP address" message, which should no longer appear for hosts that resolve to fake-IPs. You can also test web_fetch with a sample request to a host that resolves to a private IP address.

Extra Tips

Allowing private-network access disables the SSRF guard's protection of internal addresses for that tool, so enable this option only when necessary (for example only while running under a TUN proxy) and keep the default strict setting otherwise. Also consider using the browser tool as an alternative to web_fetch where possible.
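To make the policy options from the PR description and the fake-IP problem from the issue concrete, here is an added example (my own TypeScript, not openclaw's implementation) of an IPv4-only SSRF guard that evaluates a policy shaped like tools.web.fetch.ssrfPolicy: both the TUN fake-IP pool 198.18.x.x and RFC 1918 addresses such as 10.x.x.x are blocked by default, allowRfc2544BenchmarkRange opens only the fake-IP pool, and dangerouslyAllowPrivateNetwork opens everything. The option names come from the PR; the exact semantics, the hostnameAllowlist handling and the checkSsrf function are assumptions.

```typescript
// Added illustration (not openclaw's own code): a minimal IPv4 SSRF guard applying a
// policy shaped like the PR's tools.web.fetch.ssrfPolicy. Option names follow the PR
// description; the evaluation logic and hostnameAllowlist semantics are assumed here.
interface SsrfPolicy {
  dangerouslyAllowPrivateNetwork?: boolean; // break-glass: accept any private/special-use IP
  allowRfc2544BenchmarkRange?: boolean;     // narrower opt-in: only 198.18.0.0/15 (TUN fake-IP pool)
  hostnameAllowlist?: string[];             // assumed: hostnames exempt from the IP check
}

// Blocked by default: RFC 1918, loopback, link-local, CGNAT, "this network", multicast/reserved.
const PRIVATE_RANGES: Array<[string, number]> = [
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["100.64.0.0", 10], ["0.0.0.0", 8], ["224.0.0.0", 3],
];
// RFC 2544 benchmark range, which TUN/fake-IP proxies hand out as DNS answers.
const RFC2544_RANGE: [string, number] = ["198.18.0.0", 15];

function ipv4ToInt(ip: string): number {
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`invalid IPv4 address: ${ip}`);
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

function inCidr(ip: string, [base, bits]: [string, number]): boolean {
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return (ipv4ToInt(ip) & mask) === (ipv4ToInt(base) & mask);
}

// Decide whether a request to `hostname`, which DNS resolved to `resolvedIp`, may proceed.
// Returns null when allowed, otherwise the block reason (same wording as the page's log line).
function checkSsrf(hostname: string, resolvedIp: string, policy: SsrfPolicy = {}): string | null {
  if (policy.hostnameAllowlist?.some((h) => h.toLowerCase() === hostname.toLowerCase())) {
    return null; // explicit per-host exemption, narrowest opt-in
  }
  const isRfc2544 = inCidr(resolvedIp, RFC2544_RANGE);
  const isPrivate = PRIVATE_RANGES.some((range) => inCidr(resolvedIp, range));
  if (!isPrivate && !isRfc2544) return null;                       // ordinary public address
  if (policy.dangerouslyAllowPrivateNetwork) return null;          // operator break-glass opt-in
  if (isRfc2544 && policy.allowRfc2544BenchmarkRange) return null; // fake-IP pool only
  return "Blocked: resolves to private/internal/special-use IP address";
}
```

With only allowRfc2544BenchmarkRange set, a TUN fake-IP such as 198.18.0.5 passes while 10.1.2.3 stays blocked, which is the narrower fix to prefer over the break-glass flag when the proxy's fake-IP pool is the 198.18.0.0/15 default.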
