
Allow configuring SSRF policy for channel media fetches (Surge/proxy fake-IP compatibility) #25086

@xwzp

Description

Problem

Since 2026.2.22, OpenClaw's SSRF protection blocks the RFC 2544 benchmarking range (198.18.0.0/15). This breaks inbound media downloads (e.g., Telegram photos) for users behind proxy tools that use fake-IP DNS, such as Surge, Clash, and similar.

Background

Surge (and other proxy tools) use a "fake IP" mechanism for domain-based traffic routing:

  1. App queries DNS for api.telegram.org
  2. Surge intercepts and returns a virtual IP in 198.18.0.0/15 (e.g., 198.18.2.192), mapping it internally to the real domain
  3. When the app connects to this virtual IP, Surge intercepts the connection, looks up the original domain, and routes it through the correct proxy policy

This is essential for proxying all protocols (not just HTTP) by domain name, and is widely used in China and other regions where proxy tools are necessary for internet access.

What happens

When OpenClaw tries to download media from https://api.telegram.org/file/bot.../photos/file_xxx.jpg:

  1. DNS resolves to 198.18.x.x (Surge fake IP)
  2. SSRF guard sees this as a special-use IP → blocks the request
  3. User gets: ⚠️ Failed to download media. Please try again.

Log:

[telegram] media group: skipping photo that failed to fetch: MediaFetchError: Failed to fetch media from https://api.telegram.org/file/bot.../photos/file_xxx.jpg: SsrFBlockedError: Blocked: resolves to private/internal/special-use IP address

Workaround limitations

Surge's always-real-ip can exempt specific domains from fake-IP, but this degrades proxy functionality for those domains (loses the ability to do domain-based routing, increases latency, may cause connectivity issues). It's not a viable long-term solution.

Proposed solution

fetchRemoteMedia() already accepts an optional ssrfPolicy parameter, but the Telegram (and other channel) resolveMedia() functions don't pass it through. The browser config already supports this:

{
  "browser": {
    "ssrfPolicy": {
      "allowPrivateNetwork": true
    }
  }
}

Please add a similar option at the channel level or as a global setting, e.g.:

// Global
{ "ssrfPolicy": { "allowPrivateNetwork": true } }

// Or per-channel
{ "channels": { "telegram": { "ssrfPolicy": { "allowPrivateNetwork": true } } } }
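An added illustration, not OpenClaw's code, of the check this issue runs into and of how a policy object like the one proposed would gate it. The names SPECIAL_USE_V4, inCidr and checkResolvedAddress are hypothetical, and policy.allowedRanges is an assumed narrower alternative to allowPrivateNetwork that exempts only the fake-IP pool while loopback, RFC 1918 and link-local addresses stay blocked:

```javascript
// Added illustration, not OpenClaw's code: how a guard classifies the address a
// hostname resolved to, and how a policy gates it. SPECIAL_USE_V4, inCidr,
// checkResolvedAddress and policy.allowedRanges are hypothetical names.
const SPECIAL_USE_V4 = [
  ["0.0.0.0", 8],      // "this" network
  ["10.0.0.0", 8],     // RFC 1918 private
  ["100.64.0.0", 10],  // CGNAT shared address space
  ["127.0.0.0", 8],    // loopback
  ["169.254.0.0", 16], // link-local; cloud metadata endpoints live here
  ["172.16.0.0", 12],  // RFC 1918 private
  ["192.168.0.0", 16], // RFC 1918 private
  ["198.18.0.0", 15],  // RFC 2544 benchmarking; Surge/Clash fake-IP pool
];

function ipv4ToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) throw new Error(`not IPv4: ${ip}`);
  return parts.reduce((acc, p) => {
    const n = Number(p);
    if (!/^\d{1,3}$/.test(p) || n > 255) throw new Error(`bad octet in ${ip}`);
    return acc * 256 + n;
  }, 0);
}

function inCidr(ip, base, prefix) {
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// Policy shape: { allowPrivateNetwork?: boolean, allowedRanges?: string[] }.
// allowedRanges (hypothetical) exempts only the listed CIDRs, so a fake-IP pool
// can pass while loopback, RFC 1918 and link-local remain blocked.
function checkResolvedAddress(hostname, ip, policy = {}) {
  const hit = SPECIAL_USE_V4.find(([base, prefix]) => inCidr(ip, base, prefix));
  if (!hit) return { allowed: true, reason: "public address" };
  const cidr = `${hit[0]}/${hit[1]}`;
  const exempt = (policy.allowedRanges || []).some((range) => {
    const [base, prefix] = range.split("/");
    return inCidr(ip, base, Number(prefix));
  });
  if (exempt) return { allowed: true, reason: `policy exempts ${cidr}` };
  if (policy.allowPrivateNetwork) return { allowed: true, reason: "allowPrivateNetwork" };
  return { allowed: false, reason: `Blocked: ${hostname} resolves to ${ip} (${cidr})` };
}
```

With the default (empty) policy the Surge address 198.18.2.192 is rejected exactly as in the log above; the narrow policy lets it through but still rejects 169.254.169.254.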

Environment

  • OpenClaw: 2026.2.22-2
  • Proxy: Surge (macOS, gateway mode with fake-IP DNS)
  • Channel: Telegram
  • OS: macOS (Apple Silicon)
