Comment 1 for bug 1808720

Filtering out is quite tricky because it will probably miss two kinds of things:

- a hostname which resolves to a local address
- a remote URL which redirects to a local address

The best option is probably to setup an HTTP proxy without access to local resources and then force all OpenID requests through it.