Secure Fetch
Secure fetch to prevent access to local resources
Secure Fetch
This project implements a secure URL fetching tool using FastMCP.
Prerequisites
- Python 3.7+
- uv (Python package installer and environment manager)
Installation
- Install uv if you haven't already:
pip install uv
- Create a new virtual environment and install dependencies:
uv venv source .venv/bin/activate uv pip install fastmcp requests
Usage
- Set the allowlist environment variable (optional):
export SECURE_FETCH_ALLOWLIST="example.com,trusted-domain.org"
- Run the script:
uv run main.py
Features
- Fetches URLs securely
- Resolves domains to IPs
- Checks for private/internal IPs
- Handles redirects (up to 3)
- Supports custom HTTP methods and headers
- Uses an allowlist for trusted domains/IPs
Security Considerations
- The tool prevents access to private/internal IPs unless explicitly allowed
- Only HTTP and HTTPS schemes are permitted
- SNI is set to match the hostname for HTTPS connections
Example Usage
Once the script is running, you can use the fetch_url function to securely fetch URLs. The function will return a dictionary containing the status code, response body, and content length.
Note
This tool is designed for secure URL fetching. Always review and understand the code before using it in your environment.
Related Servers
Bright Data
sponsorDiscover, extract, and interact with the web - one interface powering automated access across the public internet.
Leapfrog
Multi-session browser MCP for AI agents — stealth mode, session pooling, humanization, 10x fewer tokens than Playwright
yt-dlp
Download video and audio content from various websites like YouTube, Facebook, and Tiktok using yt-dlp.
MCP FetchPage
Intelligent web page fetching with automatic cookie support and CSS selector extraction.
MCP Webscan Server
Fetch, analyze, and extract information from web pages.
LinkedIn
Scrape LinkedIn profiles, companies, and jobs using direct URLs. Features Claude AI integration and secure credential storage.
Instagram Downloader
A server to download videos and media from Instagram.
Crawl4AI RAG
Integrates web crawling and Retrieval-Augmented Generation (RAG) into AI agents and coding assistants.
Puppeteer
Browser automation using Puppeteer, with support for local, Docker, and Cloudflare Workers deployments.
MCP Rquest
An MCP server for making advanced HTTP requests with browser emulation, including PDF and HTML to Markdown conversion.
MCP Browser Console Capture Service
A browser automation service for capturing console output, useful for tasks like public sentiment analysis.