Skip to content

[Feature]: Expose allowRfc2544BenchmarkRange in tools.web.fetch config for Surge/Clash fake-IP compatibility #27597

Open
Open
[Feature]: Expose allowRfc2544BenchmarkRange in tools.web.fetch config for Surge/Clash fake-IP compatibility#27597
Labels
staleMarked as stale due to inactivity
@chancheuklap

Description

@chancheuklap
chancheuklap
opened on Feb 26, 2026

Summary

Users running VPN/proxy tools with fake-IP mode (Surge Enhanced Mode, Clash fake-ip, Shadowrocket, etc.) cannot use web_fetch because the SSRF guard blocks the 198.18.0.0/15 (RFC 2544 benchmarking) range these tools use for DNS interception.

How fake-IP mode works

These proxy tools create a virtual network interface (e.g. utun) and assign fake IPs in the 198.18.0.0/15 range for all DNS queries. When an app connects to a fake IP, the proxy intercepts it at the IP layer and routes it through the configured proxy rules. This is essential for users in China and other restricted networks — it ensures ALL traffic (including apps that ignore system proxy / HTTP_PROXY env vars, like Node.js undici) goes through the proxy.

Current behavior

runWebFetch()fetchWithSsrFGuard()resolvePinnedHostnameWithPolicy() resolves the hostname, gets 198.18.x.x, and blocks it as a "special-use" IP address.

The blocking check in isBlockedSpecialUseIpv4Address() already supports an opt-out:

// ip-*.js
const inRfc2544BenchmarkRange = address.match(RFC2544_BENCHMARK_PREFIX);
if (inRfc2544BenchmarkRange && options.allowRfc2544BenchmarkRange === true) return false;

But runWebFetch() calls fetchWithSsrFGuard() without passing any policy, so allowRfc2544BenchmarkRange is always false. There is no config path to change this.

Proposed solution

Add ssrfPolicy (or at minimum allowRfc2544BenchmarkRange) to the tools.web.fetch config schema:

tools:
  web:
    fetch:
      allowRfc2544BenchmarkRange: true

And pass it through to fetchWithSsrFGuard() in runWebFetch().

Why this is different from #6298 (proxy support, closed as not planned)

  • [Feature]: Add HTTP proxy support for web_fetch tool #6298 asked to add HTTP proxy support which bypasses ALL SSRF protection — rightfully rejected for security reasons.
  • This request only asks to allow a single, specific, non-routable IP range (198.18.0.0/15, RFC 2544 benchmarking) that is never used on the public internet.
  • The SSRF guard continues to block all other private/internal/special-use ranges (RFC 1918, loopback, link-local, etc.).
  • The code already implements this check — it just needs a config path to reach it.

Who is affected

Every user running Surge (macOS/iOS), Clash, Shadowrocket, Quantumult X, or similar tools in Enhanced/fake-IP mode. This is effectively the entire user base in mainland China plus users in other restricted network environments.

Alternatives considered

Approach Problem
always-real-ip = * in Surge Defeats fake-IP benefits (zero-latency DNS, DNS pollution immunity, privacy)
Turn off Enhanced Mode Node.js/undici ignores system proxy → blocked sites become unreachable
exec + curl fallback Works but loses web_fetch features (readability extraction, caching, redirect handling)
browser.ssrfPolicy Only affects browser tool, not web_fetch

Environment

  • OS: macOS (Darwin, arm64)
  • Proxy: Surge Mac with Enhanced Mode
  • DNS resolution: all domains → 198.18.x.x (Surge fake-IP)
  • OpenClaw version: latest stable

Metadata

Metadata

Assignees

No one assigned

    Labels

    staleMarked as stale due to inactivity

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions