Problem
When adding a custom provider, Manifest rejects URLs pointing to private or internal networks:
"URLs pointing to private or internal networks are not allowed"
This SSRF protection blocks localhost, 192.168.x.x, 10.x.x.x, 172.16.x.x, etc., which means users cannot connect to local LLM servers (LM Studio, vLLM, text-generation-webui, local Ollama on another machine, etc.) as custom providers.
Important: Custom providers with public API URLs (e.g., https://api.together.ai/v1) work fine everywhere. This only affects private/local network URLs.
Why this matters especially for Docker
The Docker image is the primary self-hosted distribution of Manifest. Users running it locally are very likely to have local LLM providers on their network. Today, the only local provider that works is Ollama, but only because it's a built-in provider that bypasses URL validation entirely (OLLAMA_HOST env var).
Current behavior
- validatePublicUrl() in packages/backend/src/common/utils/url-validation.ts blocks all private IP ranges
- Called on custom provider create and update (custom-provider.service.ts)
- No way to override. MANIFEST_MODE is not checked
- Built-in providers (Ollama) bypass this check entirely
Proposed solution
Add an environment variable (e.g., ALLOW_PRIVATE_URLS=true) that skips private IP validation for custom providers. Consider auto-enabling it when MANIFEST_MODE=local.
Cloud metadata IPs (169.254.169.254) should remain blocked regardless. These are never legitimate provider endpoints.
Key files
- packages/backend/src/common/utils/url-validation.ts, validation logic
- packages/backend/src/routing/custom-provider/custom-provider.service.ts, calls validation on create/update
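
The proposed behaviour as an added example, not Manifest's code: `classifyHost`, `checkProviderUrl` and the `allowPrivate` flag are hypothetical names, with the flag standing in for `ALLOW_PRIVATE_URLS=true`. Private ranges pass only with the opt-in, while the metadata address stays blocked in every mode, including when it is written as a decimal integer or an IPv4-mapped IPv6 literal. DNS names are not resolved here.

```typescript
// Added example: hypothetical names, not Manifest's validatePublicUrl().
type Verdict = "allow" | "private" | "always-blocked";

const toInt = (ip: string): number =>
  ip.split(".").reduce((acc, o) => acc * 256 + Number(o), 0);

const inCidr = (ip: number, base: string, bits: number): boolean => {
  const size = 2 ** (32 - bits);
  return Math.floor(ip / size) === Math.floor(toInt(base) / size);
};

// Link-local holds the metadata address 169.254.169.254; blocking the whole
// /16 is this example's choice, the issue names only the single address.
const ALWAYS: [string, number][] = [["169.254.0.0", 16]];
// Ranges the opt-in unlocks (loopback plus the private ranges the issue lists).
const PRIVATE: [string, number][] = [
  ["127.0.0.0", 8], ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

function classifyHost(hostname: string): Verdict {
  let host = hostname.toLowerCase();
  if (host === "localhost") return "private";
  // IPv4-mapped IPv6: URL serializes [::ffff:169.254.169.254] as [::ffff:a9fe:a9fe].
  const mapped = /^\[::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})\]$/.exec(host);
  if (mapped) {
    const hi = parseInt(mapped[1], 16), lo = parseInt(mapped[2], 16);
    host = [hi >> 8, hi & 255, lo >> 8, lo & 255].join(".");
  }
  // Any other IPv6 literal (::1, fc00::/7, ...) is treated as private: conservative.
  if (host.charAt(0) === "[") return "private";
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return "allow"; // DNS name, not resolved
  const ip = toInt(host);
  if (ALWAYS.some(([b, n]) => inCidr(ip, b, n))) return "always-blocked";
  if (PRIVATE.some(([b, n]) => inCidr(ip, b, n))) return "private";
  return "allow";
}

// allowPrivate stands for the proposed ALLOW_PRIVATE_URLS=true opt-in.
function checkProviderUrl(raw: string, allowPrivate: boolean): boolean {
  const url = new URL(raw); // throws on malformed input
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  // URL.hostname is canonical: 0x7f.1 and 2852039166 arrive as dotted quads.
  const verdict = classifyHost(url.hostname);
  if (verdict === "always-blocked") return false;
  if (verdict === "private") return allowPrivate;
  return true;
}
```

A hostname that resolves to a private or metadata address passes this check, so a production validator also needs to check the resolved address at connection time.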