#web_fetch a local IP

sinful patrol
#

My openclaw agent suggested i make this change to the openclaw.json config:

{
  "tools": {
    "web_fetch": {
      "allowedHosts": ["172.20.0.2"]
    }
  }
}

And yes i need it to do web fetch from 172.20.0.2 (or better yet, 0.0.0.0). Is this the right way to do it? Any caveats?

idle mossBOT
#

Short answer, no, not on current OpenClaw.

  • tools.web_fetch is the wrong path. Current config is tools.web.fetch.
  • allowedHosts is not a valid web_fetch setting.

For web_fetch, the only SSRF override I can verify is this:

{
  tools: {
    web: {
      fetch: {
        ssrfPolicy: {
          allowRfc2544BenchmarkRange: true
        }
      }
    }
  }
}

But that is only for the special fake-IP proxy range 198.18.0.0/15. It does not allow 172.20.0.2, localhost, or general private IPs.

A couple caveats:

  • 0.0.0.0 is a bind address, not a fetch destination, so don’t use it in a URL.
  • web_fetch intentionally blocks private/internal targets.

If you need agent access to 172.20.0.2, the supported route today is usually the browser tool with a narrow exception, for example:

If you paste openclaw --version, I can sanity-check this against your installed version.

sinful patrol
#

ok, so, out of luck with the web_fetch tool i guess.

for browser tool, if i don't set

      dangerouslyAllowPrivateNetwork: false,
      allowedHostnames: ["172.20.0.2"]

by default will it allow for everything IP (external / internal alike) to be examined?

also, does OpenClaw have access to curl (without the use of exec)?

idle mossBOT
#

Yep, web_fetch is the unlucky one here.

For browser:

  • Default behavior is strict, not wide-open.
  • If you do nothing, browser navigation can still open public/external sites, including public IPs.
  • It will block private/internal/special-use targets by default, like 172.20.0.2, 127.0.0.1, localhost, etc.

So:

  • omit ssrfPolicy entirely → public OK, private blocked
  • set only:
{
  browser: {
    ssrfPolicy: {
      allowedHostnames: ["172.20.0.2"]
    }
  }
}

that should keep strict mode and allow just that exact host.
Adding dangerouslyAllowPrivateNetwork: false is optional, but I like it because it makes the intent explicit.

And for curl:

  • No, there is not a first-class “curl” tool in normal OpenClaw agent tools.
  • Without exec, the closest built-ins are:
    • web_fetch for simple GET + extraction
    • browser for page navigation / snapshots / interaction