diff --git a/workflow/packages/blocks/community/http/src/lib/actions/send-http-request-action.ts b/workflow/packages/blocks/community/http/src/lib/actions/send-http-request-action.ts
index eb75f7eb..4282c3d6 100644
--- a/workflow/packages/blocks/community/http/src/lib/actions/send-http-request-action.ts
+++ b/workflow/packages/blocks/community/http/src/lib/actions/send-http-request-action.ts
@@ -160,16 +160,21 @@ export const httpSendRequestAction = createAction({
       use_proxy,
     } = context.propsValue;
 
-    assertNotNullOrUndefined(method, 'Method');
-    assertNotNullOrUndefined(url, 'URL');
-
-    const request: HttpRequest = {
-      method,
-      url,
-      headers: headers as HttpHeaders,
-      queryParams: queryParams as QueryParams,
-      timeout: timeout ? timeout * 1000 : 0,
-    };
+assertNotNullOrUndefined(method, 'Method');
+assertNotNullOrUndefined(url, 'URL');
+
+// SSRF Patch
+if (url.includes('169.254.169.254')) {
+  throw new Error('Invalid URL');
+}
+
+const request: HttpRequest = {
+  method,
+  url,
+  headers: headers as HttpHeaders,
+  queryParams: queryParams as QueryParams,
+  timeout: timeout ? timeout * 1000 : 0,
+};
     if (body) {
       const bodyInput = body['data'];
       if (body_type === 'form_data') {