diff --git a/web/index.php b/web/index.php
index fca2268..fde41d2 100755
--- a/web/index.php
+++ b/web/index.php
@@ -57,6 +57,25 @@ switch ($url[0]) {
 $js = $_REQUEST['js'] == 'false' ? false : true;
+ if (defined('BLOCK_PRIVATE_IPS') && BLOCK_PRIVATE_IPS) {
+ $host = parse_url($target, PHP_URL_HOST);
+ if (filter_var($host, FILTER_VALIDATE_IP)) {
+ $resolvedIp = $host;
+ } else {
+ $resolvedIp = gethostbyname($host);
+ if ($resolvedIp === $host) {
+ header('HTTP/1.0 403 Forbidden');
+ echo 'URL not allowed';
+ exit;
+ }
+ }
+ if (isPrivateIP($resolvedIp)) {
+ header('HTTP/1.0 403 Forbidden');
+ echo 'URL not allowed';
+ exit;
+ }
+ }
+ $serverUrl = 'http://localhost:4444';
 $options = new \Facebook\WebDriver\Chrome\ChromeOptions();
 $options->addArguments(['--headless', '--disable-gpu', '--no-sandbox', '--disable-dev-shm-usage']);
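Review bot: The new `BLOCK_PRIVATE_IPS` guard validates an address the browser never uses: `gethostbyname($host)` resolves once here, while headless Chrome resolves `$target` again on its own and follows redirects, so a name whose answer changes between the two lookups, or a public page that redirects to an internal address, is not covered by this check. `gethostbyname()` also returns IPv4 only, so a host with both A and AAAA records is judged on its A record alone. The guard also looks fail-open when `parse_url()` finds no host (it returns `null` for a URL without an authority part), because `$resolvedIp === $host` then compares a string with `null` and the request falls through to `isPrivateIP()`, whose handling of an empty value is not visible here; add `if (!is_string($host) || $host === '') { header('HTTP/1.0 403 Forbidden'); echo 'URL not allowed'; exit; }` right after the `parse_url()` call and confirm the scheme is limited to `http`/`https`. For the resolution gap, enforce the same deny list at the network layer for the Chrome process (an egress firewall or a filtering proxy) rather than only in PHP. The enclosing `switch` case starts and ends outside the hunk.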