# validate_safe_url

> **Function** in `langchain_core`

📖 [View in docs](https://reference.langchain.com/python/langchain-core/_security/_ssrf_protection/validate_safe_url)

Validate a URL for SSRF protection.

This function validates URLs to prevent Server-Side Request Forgery (SSRF) attacks
by blocking requests to private networks and cloud metadata endpoints.

## Signature

```python
validate_safe_url(
    url: str | AnyHttpUrl,
    *,
    allow_private: bool = False,
    allow_http: bool = True,
) -> str
```

## Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `url` | `str \| AnyHttpUrl` | Yes | The URL to validate (string or Pydantic HttpUrl). |
| `allow_private` | `bool` | No | If `True`, allows private IPs and localhost (for development).           Cloud metadata endpoints are ALWAYS blocked. (default: `False`) |
| `allow_http` | `bool` | No | If `True`, allows both HTTP and HTTPS.  If `False`, only HTTPS. (default: `True`) |

## Returns

`str`

The validated URL as a string.

---

[View source on GitHub](https://github.com/langchain-ai/langchain/blob/02991cb4cf2063d51a07268edafb05fe53de1826/libs/core/langchain_core/_security/_ssrf_protection.py#L41)