nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1d0npefkxtfkcptjdawvwkfu58japhjfaljt4hqtpq2xqn8pt2nwqdjahqw check if you can GET aws+gcp metadata api by IP, check if you can do the same with A/AAA records and CNAMEs (using records from a domain you control). Same for 127.0.0.1 using whatever port the software’s server listens on, but you may just have to accept the risk for that one because idk how you fix that without resolving and testing every FQDN resolution result anyway.

My suggestion is to use content-type whitelist strategy I mentioned.