From 29e767cb7331200c005d0e7eb954f3f1bf70ecdc Mon Sep 17 00:00:00 2001
From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
Date: Thu, 24 Jul 2025 11:50:47 +0100
Subject: [PATCH] Update
 app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .../software/common/service/SsrfProtectionService.java     | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java b/app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java
index 89f8e6106..97c2da12e 100644
--- a/app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java
+++ b/app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java
@@ -199,7 +199,10 @@ public class SsrfProtectionService {
     }
 
     private boolean isCloudMetadataAddress(String ip) {
-        // AWS/GCP/Azure metadata endpoints
-        return ip.startsWith("169.254.169.254") || ip.startsWith("fd00:ec2::254");
+        // Cloud metadata endpoints for AWS, GCP, Azure, Oracle Cloud, and IBM Cloud
+        return ip.startsWith("169.254.169.254") // AWS/GCP/Azure
+                || ip.startsWith("fd00:ec2::254") // AWS IPv6
+                || ip.startsWith("169.254.169.253") // Oracle Cloud
+                || ip.startsWith("169.254.169.250"); // IBM Cloud
     }
 }