Secure Fetch
Secure fetch to prevent access to local resources
Secure Fetch
This project implements a secure URL fetching tool using FastMCP.
Prerequisites
- Python 3.7+
- uv (Python package installer and environment manager)
Installation
- Install uv if you haven't already:
pip install uv
- Create a new virtual environment and install dependencies:
uv venv source .venv/bin/activate uv pip install fastmcp requests
Usage
- Set the allowlist environment variable (optional):
export SECURE_FETCH_ALLOWLIST="example.com,trusted-domain.org"
- Run the script:
uv run main.py
Features
- Fetches URLs securely
- Resolves domains to IPs
- Checks for private/internal IPs
- Handles redirects (up to 3)
- Supports custom HTTP methods and headers
- Uses an allowlist for trusted domains/IPs
Security Considerations
- The tool prevents access to private/internal IPs unless explicitly allowed
- Only HTTP and HTTPS schemes are permitted
- SNI is set to match the hostname for HTTPS connections
Example Usage
Once the script is running, you can use the fetch_url function to securely fetch URLs. The function will return a dictionary containing the status code, response body, and content length.
Note
This tool is designed for secure URL fetching. Always review and understand the code before using it in your environment.
Related Servers
AI Shopping Assistant
A conversational AI shopping assistant for web-based product discovery and decision-making.
Simple MCP Tool Server
A simple MCP server that provides a tool for fetching website content using SSE transport.
ElToque MCP Server
Fetches USD and EUR prices from the Cuban parallel market via eltoque.com.
Puppeteer Vision
Scrape webpages and convert them to markdown using Puppeteer. Features AI-driven interaction capabilities.
MCP YouTube Transcript Server
Retrieves transcripts from YouTube videos for content analysis and processing.
MCP Image Downloader
A server for downloading and optimizing images from the web.
Web Fetch
Fetches and converts web content, ideal for data extraction and web scraping.
brosh
A browser screenshot tool to capture scrolling screenshots of webpages using Playwright, with support for intelligent section identification and multiple output formats.
Scrapezy
Extract structured data from websites using the Scrapezy API.
iReader MCP
Tools for reading and extracting content from the internet.