diff --git a/controllers/admin/config.go b/controllers/admin/config.go
index a68a6ec95..32e8575af 100644
--- a/controllers/admin/config.go
+++ b/controllers/admin/config.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	"net/netip"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -409,6 +410,14 @@ func SetServerURL(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Block Private IP URLs
+	ipAddr, ipErr := netip.ParseAddr(utils.GetHostnameWithoutPortFromURLString(rawValue))
+
+	if ipErr == nil && ipAddr.IsPrivate() {
+		controllers.WriteSimpleResponse(w, false, "Server URL cannot be private")
+		return
+	}
+
 	// Trim any trailing slash
 	serverURL := strings.TrimRight(rawValue, "/")
 
diff --git a/utils/utils.go b/utils/utils.go
index 3b02fae47..649e736f2 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -382,6 +382,16 @@ func GetHostnameFromURLString(s string) string {
 	return u.Host
 }
 
+// GetHostnameWithoutPortFromURLString will return the hostname component without the port from a URL object.
+func GetHostnameWithoutPortFromURLString(s string) string {
+	u, err := url.Parse(s)
+	if err != nil {
+		return ""
+	}
+
+	return u.Hostname()
+}
+
 // GetHashtagsFromText returns all the #Hashtags from a string.
 func GetHashtagsFromText(text string) []string {
 	re := regexp.MustCompile(`#[a-zA-Z0-9_]+`)
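Review bot: The new guard in SetServerURL only rejects RFC 1918 / RFC 4193 ranges, because `netip.Addr.IsPrivate` covers just 10/8, 172.16/12, 192.168/16 and fc00::/7; loopback, link-local, the unspecified address and IPv4-mapped IPv6 forms of those ranges all pass the check, so the "cannot be private" rejection is narrower than its message suggests. The condition should also cover those classes and unmap first, e.g. `addr := ipAddr.Unmap()` followed by `if ipErr == nil && (addr.IsPrivate() || addr.IsLoopback() || addr.IsLinkLocalUnicast() || addr.IsUnspecified()) {`. Note that the helper returns "" for an unparseable or scheme-less URL and `netip.ParseAddr("")` then errors, so such input silently skips this block; whether earlier validation above the hunk already rejects it cannot be seen here. A DNS name that resolves to an internal address is likewise not covered, which is worth stating in the comment if that is an accepted limitation, e.g. `// Block literal private/loopback/link-local IPs; hostnames are not resolved here`. SetServerURL begins and ends outside this hunk.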
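Review bot: The doc comment on GetHostnameWithoutPortFromURLString says "from a URL object" but the parameter is a string, and it does not state the error contract that the caller in controllers/admin/config.go relies on: a parse failure returns "", and a scheme-less input such as a bare host or IP also yields "" from `u.Hostname()` because url.Parse treats it as a path rather than a host. Suggested wording: `// GetHostnameWithoutPortFromURLString returns the hostname of a URL string without its port (IPv6 brackets removed); it returns "" when the string does not parse or carries no host component, e.g. when the scheme is missing.` Callers that use the result as a security check should be aware that "" is the silent failure value.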