How OpenClaw's Built-in SSRF Protection Blocked My Self-Hosted Mattermost Images

TL;DR After connecting OpenClaw to a self-hosted Mattermost instance, agents completely ignored images sent in chat. The culprit: OpenClaw's built-in SSRF (Server-Side Request Forgery) protection was automatically blocking all fetches to private 192.168.x.x addresses. The fix was a single line of code — but tracking down the cause took a while. Background My home lab runs Mattermost on a self-hosted server. The OpenClaw Mattermost plugin connected and text chat worked perfectly. But the moment a user sent an image, the agent acted like it didn't exist. Manual curl fetched the image just fine. Agent config looked correct. So what was happening? Investigation Grepping the Gateway logs revealed the cause immediately: blocked URL fetch target=http://192.168.x.x:8065/api/v4/files/xxxxx reason=Blocked hostname or private/internal/special-use IP address OpenClaw's fetchRemoteMedia function has built-in SSRF protection. This is entirely correct security design — since agents can fetch arbitrar

How OpenClaw's Built-in SSRF Protection Blocked My Self-Hosted Mattermost Images

Related Articles

Thunderbird: Introducing our Public Roadmaps

How I Scraped Most Dark Stores in India — Blinkit, Zepto & Swiggy Instamart

Claude Code /branch Command Turned My Sessions Into Decision Trees

Much ado about protein

I'm OK being left behind, thanks

Related Articles

News
Thunderbird: Introducing our Public Roadmaps
Lobsters • 25m ago

News
How I Scraped Most Dark Stores in India — Blinkit, Zepto & Swiggy Instamart
Medium Programming • 33m ago

News
Claude Code /branch Command Turned My Sessions Into Decision Trees
Medium Programming • 48m ago

News
Much ado about protein
The Verge • 49m ago

News
I'm OK being left behind, thanks
Lobsters • 55m ago