2 files changed, 16 insertions, 5 deletions

diff --git a/internal/netutil/netutil.go b/internal/netutil/netutil.go
index e3b3b8cc..5059d463 100644
--- a/internal/netutil/netutil.go
+++ b/internal/netutil/netutil.go
@@ -47,8 +47,15 @@ func init() {
 	}
 }
 
-// IsLocalHostname returns true if given hostname is a known local address.
-func IsLocalHostname(hostname string) bool {
+// IsLocalHostname returns true if given hostname is resolved to local network
+// address, except exempted from the allowlist.
+func IsLocalHostname(hostname string, allowlist []string) bool {
+	for _, allow := range allowlist {
+		if hostname == allow {
+			return false
+		}
+	}
+
 	ips, err := net.LookupIP(hostname)
 	if err != nil {
 		return true
diff --git a/internal/netutil/netutil_test.go b/internal/netutil/netutil_test.go
index 47be4e74..c65af2c0 100644
--- a/internal/netutil/netutil_test.go
+++ b/internal/netutil/netutil_test.go
@@ -12,8 +12,9 @@ import (
 
 func TestIsLocalHostname(t *testing.T) {
 	tests := []struct {
-		hostname string
-		want     bool
+		hostname  string
+		allowlist []string
+		want      bool
 	}{
 		{hostname: "localhost", want: true},
 		{hostname: "127.0.0.1", want: true},
@@ -27,10 +28,13 @@ func TestIsLocalHostname(t *testing.T) {
 		{hostname: "gogs.io", want: false},
 		{hostname: "google.com", want: false},
 		{hostname: "165.232.140.255", want: false},
+
+		{hostname: "192.168.123.45", allowlist: []string{"10.0.0.17"}, want: true},
+		{hostname: "gogs.local", allowlist: []string{"gogs.local"}, want: false},
 	}
 	for _, test := range tests {
 		t.Run("", func(t *testing.T) {
-			assert.Equal(t, test.want, IsLocalHostname(test.hostname))
+			assert.Equal(t, test.want, IsLocalHostname(test.hostname, test.allowlist))
 		})
 	}
 }