import type { Logger } from '../core/logger.js';
export interface SSRFOptions {
    /**
     * Allow connections to private/loopback/link-local IP addresses.
     * Default: false
     */
    allowPrivateNetwork?: boolean;
    /**
     * Whitelist of allowed hostnames (supports *.example.com wildcards).
     * If provided, only hosts matching the whitelist are allowed.
     */
    allowedHosts?: string[];
}
/**
 * Validates URLs to prevent Server-Side Request Forgery (SSRF) attacks.
 * Checks against private IP ranges and DNS resolution.
 */
export declare class SSRFValidator {
    private logger;
    constructor(logger: Logger);
    /**
     * Validate a URL against SSRF rules.
     * Throws ValidationError if the URL is not allowed.
     */
    validate(url: string, options?: SSRFOptions): Promise<void>;
    private lookupAllIpAddresses;
    private isAllowedHost;
    private isDisallowedIPv4;
    private isDisallowedIPv6;
}
//# sourceMappingURL=ssrf-validator.d.ts.map