[Feature]: Expose allowRfc2544BenchmarkRange in tools.web.fetch config for Surge/Clash fake-IP compatibility

[chancheuklap]

Summary

Users running VPN/proxy tools with fake-IP mode (Surge Enhanced Mode, Clash fake-ip, Shadowrocket, etc.) cannot use web_fetch because the SSRF guard blocks the 198.18.0.0/15 (RFC 2544 benchmarking) range these tools use for DNS interception.

How fake-IP mode works

These proxy tools create a virtual network interface (e.g. utun) and assign fake IPs in the 198.18.0.0/15 range for all DNS queries. When an app connects to a fake IP, the proxy intercepts it at the IP layer and routes it through the configured proxy rules. This is essential for users in China and other restricted networks — it ensures ALL traffic (including apps that ignore system proxy / HTTP_PROXY env vars, like Node.js undici) goes through the proxy.

Current behavior

runWebFetch() → fetchWithSsrFGuard() → resolvePinnedHostnameWithPolicy() resolves the hostname, gets 198.18.x.x, and blocks it as a "special-use" IP address.

The blocking check in isBlockedSpecialUseIpv4Address() already supports an opt-out:

// ip-*.js
const inRfc2544BenchmarkRange = address.match(RFC2544_BENCHMARK_PREFIX);
if (inRfc2544BenchmarkRange && options.allowRfc2544BenchmarkRange === true) return false;

But runWebFetch() calls fetchWithSsrFGuard() without passing any policy, so allowRfc2544BenchmarkRange is always false. There is no config path to change this.

Proposed solution

Add ssrfPolicy (or at minimum allowRfc2544BenchmarkRange) to the tools.web.fetch config schema:

tools:
  web:
    fetch:
      allowRfc2544BenchmarkRange: true

And pass it through to fetchWithSsrFGuard() in runWebFetch().

Why this is different from #6298 (proxy support, closed as not planned)

• [Feature]: Add HTTP proxy support for web_fetch tool #6298 asked to add HTTP proxy support which bypasses ALL SSRF protection — rightfully rejected for security reasons.
• This request only asks to allow a single, specific, non-routable IP range (198.18.0.0/15, RFC 2544 benchmarking) that is never used on the public internet.
• The SSRF guard continues to block all other private/internal/special-use ranges (RFC 1918, loopback, link-local, etc.).
• The code already implements this check — it just needs a config path to reach it.

Who is affected

Every user running Surge (macOS/iOS), Clash, Shadowrocket, Quantumult X, or similar tools in Enhanced/fake-IP mode. This is effectively the entire user base in mainland China plus users in other restricted network environments.

Alternatives considered

Approach	Problem
always-real-ip = * in Surge	Defeats fake-IP benefits (zero-latency DNS, DNS pollution immunity, privacy)
Turn off Enhanced Mode	Node.js/undici ignores system proxy → blocked sites become unreachable
exec + curl fallback	Works but loses web_fetch features (readability extraction, caching, redirect handling)
browser.ssrfPolicy	Only affects browser tool, not web_fetch

Environment

• OS: macOS (Darwin, arm64)
• Proxy: Surge Mac with Enhanced Mode
• DNS resolution: all domains → 198.18.x.x (Surge fake-IP)
• OpenClaw version: latest stable

[Sid-Qin]

Submitted a fix in PR #27684. Adds tools.web.fetch.allowRfc2544BenchmarkRange config option and threads it through fetchWithWebToolsNetworkGuard → fetchWithSsrFGuard, so the existing opt-out in isBlockedSpecialUseIpv4Address() becomes reachable from config.

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[xing-xing-coder]

PR #51407 implements exactly what you requested — it exposes allowRfc2544BenchmarkRange in the tools.web.fetch.ssrfPolicy config.

Set tools.web.fetch.ssrfPolicy.allowRfc2544BenchmarkRange: true in your config to allow Surge/Clash fake-IP ranges through the SSRF guard. See #25215 for the full discussion.