diff --git a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
index 35f9491f77..8717f34964 100644
--- a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
+++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
@@ -48,6 +48,9 @@ public AttackResult completed(@RequestParam String url) {
 protected AttackResult furBall(String url) {
 if (url.matches("http://ifconfig\\.pro")) {
 String html;
+ if (!(url).toString().startsWith("https://webgoat.com/") && !(url).toString().startsWith("https://test.com/") && !(url).toString().startsWith("https://testing.test.com/")) {
+ throw new RuntimeException("Potential SSRF attempt");
+ }
 try (InputStream in = new URL(url).openStream()) {
 html = new String(in.readAllBytes(), StandardCharsets.UTF_8)