pub fn validate_url_not_private(url: &str) -> Result<(), HttpError>
Validate that a URL does not target private/internal network addresses (SSRF protection). Checks the hostname against deny-listed private IP ranges.
Enforcement is controlled by the ATI_SSRF_PROTECTION environment variable:
- “1” or “true”: block requests to private addresses (default in proxy mode)
- “warn”: log a warning but allow the request
- unset/other: allow the request (for local development/testing)
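The three enforcement modes above, sketched as an added example that is not this crate's implementation: it classifies IP-literal hosts and `localhost` only and does not resolve DNS names. The names `Verdict`, `check`, `host_of` and `ip_denied`, the deny-listed ranges, and passing the variable's value in as `setting` are assumptions made for illustration.

```rust
use std::net::{IpAddr, Ipv4Addr};

#[derive(Debug, PartialEq)]
enum Verdict { Allowed, Warned, Blocked }

fn v4_denied(ip: Ipv4Addr) -> bool {
    ip.is_loopback() || ip.is_private() || ip.is_link_local() || ip.is_unspecified()
}

// Assumed deny list; the page does not enumerate the ranges it checks.
fn ip_denied(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => v4_denied(v4),
        IpAddr::V6(v6) => match v6.to_ipv4_mapped() {
            Some(v4) => v4_denied(v4), // ::ffff:10.0.0.5 is still 10.0.0.5
            None => v6.is_loopback()
                || (v6.segments()[0] & 0xfe00) == 0xfc00 // fc00::/7 unique local
                || (v6.segments()[0] & 0xffc0) == 0xfe80, // fe80::/10 link-local
        },
    }
}

// Simplified host extraction: scheme://[userinfo@]host[:port][/path]
fn host_of(url: &str) -> Option<&str> {
    let rest = url.split_once("://")?.1;
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next()?;
    let hostport = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    if let Some(v6) = hostport.strip_prefix('[') {
        return v6.split_once(']').map(|(h, _)| h);
    }
    Some(hostport.rsplit_once(':').map_or(hostport, |(h, _)| h))
}

// `setting` is the value of ATI_SSRF_PROTECTION (None when unset).
fn check(url: &str, setting: Option<&str>) -> Verdict {
    let host = host_of(url).unwrap_or("");
    let denied = host.eq_ignore_ascii_case("localhost")
        || host.parse::<IpAddr>().map_or(false, ip_denied);
    match (denied, setting) {
        (false, _) => Verdict::Allowed,
        (true, Some("1")) | (true, Some("true")) => Verdict::Blocked,
        (true, Some("warn")) => Verdict::Warned, // caller logs and proceeds
        (true, _) => Verdict::Allowed,           // unset/other: no enforcement
    }
}

fn main() {
    let setting = std::env::var("ATI_SSRF_PROTECTION").ok();
    println!("{:?}", check("http://127.0.0.1:8080/", setting.as_deref()));
}
```

Because unset and unrecognized values fall through to "allow", a deployment that relies on blocking should confirm the variable is set to "1" or "true" in the running process.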