I never successfully added my company’s self-hosted Azure OpenAI LLM into the Cursor IDE;
I encountered below error:
{“error”:{“type”:“client”,“reason”:“ssrf_blocked”,“message”:“connection to private IP is blocked”,“retryable”:false}}
Our Azure OpenAI LLM is protected behind the company’s VPN. However, I have a question: why do other IDEs like Chatwise, Plugins Roo Code, and Kilo Code have no issues connecting to the LLM from my local machine directly?
I’m unsure how Cursor communicates with the self-hosted LLM. It appears my prompt must be sent to the Cursor server before being forwarded to the LLM provider.
Do we have a workaround or other option to resolve this issue?
Steps to Reproduce
Open Cursor Settings
Go to Models page
Turn on Azure OpenAI
Fill in Base URL
Provide API Key
Click Add Custom Model, add model gpt-5-chat
Expected Behavior
I shall be able to communicate with my self-hosted Azure OpenAI LLM from my local machine directly
When you configure Azure OpenAI in Cursor with BYOK (Bring Your Own Key), the request flow is:
Your Machine → Cursor Servers → Azure OpenAI Endpoint
Because requests are proxied through Cursor’s infrastructure, we have SSRF (Server-Side Request Forgery) protection that blocks connections to private/internal IP ranges.
The other IDEs you mention likely make direct connections from your local machine to Azure OpenAI, so they can reach endpoints behind your VPN. Cursor’s architecture routes BYOK requests through our servers, which cannot access your private network.
In order to use Azure OpenAI, you’ll need to have an endpoint that is accessible via a public endpoint (secured via API keys).
I have a side question regarding the BYOK (Bring Your Own Key) mode, as I understand that requests are proxied through Cursor’s infrastructure. I noticed that Cursor offers two privacy modes: Privacy Mode (Legacy) and the newer Privacy Mode, which indicates that code may be stored for background agents and other features.
I want to double-check with you
If I choose to use newer Privacy Mode, the cursor server does not store my code in plaintext; only vector data is stored.
If you choose to index your codebase, Cursor will upload your codebase in small chunks to our server to compute embeddings, but all plaintext code for computing embeddings ceases to exist after the life of the request. The embeddings and metadata about your codebase (hashes, file names) may be stored in our database.
