Custom hosts with private network routing — including the
TRUSTED_CUSTOM_HOSTS allowlist — applies only to hybrid and air-gapped enterprise deployments of the Portkey AI Gateway. On Portkey SaaS, custom host URLs must be publicly reachable; routing to private or internal network IPs is not supported.custom_host parameter routes Portkey Gateway requests to your own model endpoints — whether running locally, in a private cloud, or on custom infrastructure. Portkey validates all custom host URLs to prevent SSRF attacks.
Setting a custom host
Specify a custom host using one of these methods:custom_host in a Gateway config target:
Include the version path (e.g.,
/v1) in the custom_host URL. Portkey appends the endpoint path (/chat/completions, /responses, etc.) automatically.Blocked host patterns
Portkey validates all custom host URLs to prevent requests to internal network resources. The following IP ranges and patterns are blocked by default:Private IPv4 ranges
Reserved IPv4 ranges
Cloud metadata endpoints
IPv6 local and private ranges
IP obfuscation tricks
The following alternate IP representations are also blocked to prevent bypass attempts:- Decimal form — e.g.,
2130706433(resolves to127.0.0.1) - Hexadecimal form — e.g.,
0x7f000001(resolves to127.0.0.1) - Shortened IPv4 — e.g.,
127.1(resolves to127.0.0.1) - Octal notation — e.g.,
0177.0.0.1(resolves to127.0.0.1)
Trusted custom hosts (allowlist)
Portkey maintains a trusted hosts allowlist that overrides the blocked patterns above. By default, the following hosts are trusted:Even though
127.0.0.1 and ::1 fall within blocked ranges, they are allowed through the trusted hosts path. Port validation still applies (must be between 1 and 65535).Adding hosts to the allowlist
To route to a private network IP (e.g.,172.31.2.45), add it to the trusted hosts allowlist using the TRUSTED_CUSTOM_HOSTS environment variable.
TRUSTED_CUSTOM_HOSTS is available only on self-hosted hybrid and air-gapped enterprise deployments of the Portkey AI Gateway.custom_host set to http://172.31.2.45:8008/v1/ will then pass validation.
Validation rules for trusted hosts
Even for trusted hosts, Portkey enforces:- Port range — The port must be between
1and65535 - Host-only matching — Only the hostname or IP is checked against the allowlist, not the full URL

