When a user adds a gateway or a cloud agent to DPOD, they can use DPOD to perform initial requests to any server in the organization, by providing its IP address.

Although the user must be an admin user, and although the request body and headers are predefined, and although firewall rules should prevent unauthorized access, this may be considered a security risk (SSRF).

To mitigate this risk, it is possible to restrict access only to specific hosts by configuring a list of allowed hosts using the following system parameter: Allowed Hosts.