Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

<@U04UQ68083H> What does the setting disallow_private_ip_ranges control?

The setting `disallow_private_ip_ranges` is a configuration option for HTTP clients in both Ory Hydra and Ory Kratos. When this setting is enabled (set to `true`), all outgoing HTTP calls made by Ory Hydra or Ory Kratos are checked to see if they're against a private IP range. If they are, the request will fail with an error. This can be useful in scenarios where you want to disallow HTTP calls to private IP ranges for security reasons.  Here is how you can set this configuration:  ```yaml clients:     http:       disallow_private_ip_ranges: true   ```  Sources: - [Ory Hydra Documentation](<https://www.ory.sh/docs/hydra/self-hosted/production>) - [Ory Kratos Documentation](<https://www.ory.sh/docs/kratos/guides/production>)