block local addresses to prevent SSRF attacks

commafeed-server/src/main/java/com/commafeed/CommaFeedConfiguration.java

@@ -138,6 +138,16 @@ public interface CommaFeedConfiguration {
 		@WithDefault("5M")
 		MemorySize maxResponseSize();
 
+		/**
+		 * Prevent access to local addresses to mitigate server-side request forgery (SSRF) attacks, which could potentially expose internal
+		 * resources.
+		 *
+		 * You may want to disable this if you subscribe to feeds that are only available on your local network and you trust all users of
+		 * your CommaFeed instance.
+		 */
+		@WithDefault("true")
+		boolean blockLocalAddresses();
+
 		/**
 		 * HTTP client cache configuration
 		 */