Bug Description

web_fetch fails with SSRF blocked error when running behind a transparent proxy that uses fake-IP DNS (e.g., Surge Enhanced Mode on macOS). The same URLs work fine with web_search.

Environment

• macOS (Mac mini as network gateway)
• Surge Enhanced Mode (transparent proxy with fake-IP DNS)
• All DNS queries return virtual IPs in 198.18.0.0/15 (RFC 2544 benchmark range)

Error

Blocked: resolves to private/internal/special-use IP address

Every domain resolves to 198.18.x.x (Surge's fake-IP), which triggers the SSRF guard.

Root Cause

web-fetch.ts:532 calls fetchWithWebToolsNetworkGuard() without passing policy or useEnvProxy:

// web-fetch.ts L532 — no policy, no useEnvProxy
const result = await fetchWithWebToolsNetworkGuard({
  url: params.url,
  maxRedirects: params.maxRedirects,
  timeoutSeconds: params.timeoutSeconds,
  init: { headers: { ... } },
});

Meanwhile, web-search.ts:926 uses withTrustedWebToolsEndpoint() which injects allowRfc2544BenchmarkRange: true + useEnvProxy: true:

// web-search.ts L926 — works correctly
return withTrustedWebToolsEndpoint({ url, ... }, async ({ response }) => { ... });

The WEB_TOOLS_TRUSTED_NETWORK_SSRF_POLICY in web-guarded-fetch.ts already has the correct policy:

const WEB_TOOLS_TRUSTED_NETWORK_SSRF_POLICY: SsrFPolicy = {
  dangerouslyAllowPrivateNetwork: true,
  allowRfc2544BenchmarkRange: true,
};

Suggested Fix

Either:

1. Have web-fetch.ts use withTrustedWebToolsEndpoint() like web-search.ts does
2. Or pass policy: { allowRfc2544BenchmarkRange: true } and useEnvProxy: true to fetchWithWebToolsNetworkGuard()

Related Issues

• web_fetch fails when using VPN TUN mode (DNS hijacked to 198.18.x.x) #38986
• Allow configuring SSRF policy for channel media fetches (Surge/proxy fake-IP compatibility) #25086
• Feature request: configurable SSRF allowedHostnames in config #26945